[OpenID] OpenID AX and Liberty

Peter Williams pwilliams at rapattoni.com
Sun Aug 12 03:07:05 UTC 2007


 
 
Nevertheless, based just on the phrase "Attribute Exchange", it
sure does seem to bear a lot in common with the Liberty Alliance
notion of account linking.


-----------------------------------------------------
 
So, without commenting on the above, I do have a little account linking story, one building on the earlier discussion here about making OpenID cooperate with an existing SAML2 infrastructure now made nationwide, for use by US Realty ... and obviously consumers accessing US Realty.
 
So I finally finished my code
 
(a) the MSFT/NET2.0-ported Mono.Security libraries, JanRain OpenID lib dll, and the JanRain ASPX-sites for OpenID consumer, OpenID server
 
(b) the Ping Identity demo IDP and demo SP websites written in ASPX classes hosted in some (HTTP) endpoint container
 
(c) Two Ping Identity SAML2 servers configured with an account-linking (name-federating) connection, with persistent pseudonym learning/linking
 
The resulting 3 websites start easily in 3 debug-monitored processes in the free-to-download Vis Studio IDE, and result in an account-linked SAML backend supporting a front OpenID Auth/AX process.
 
I'm happy to distribute the code or my patch file, if Ping will authorize me to redistribute their sample code, or the patch of just a few hacks. The hacks enabled the SAML SP demo website to merge with the JanRain OpenID-Server demo site, and act as an OpenID/SAML2 gateway. Obviously, one needs to go get the eval-licensed version of the Ping SAML server to complete the scenario.
 
When you configure the Ping SAML2 server to use those demo websites in account linking mode (using a demo handler provided by Ping), presentation of an IDP-name at the IDP SAML2 site is name-federated by account linking to the gateway, which thereafter continues in the OpenID name/ID space.
 
Though the JanRain implementation uses the YADIS protocol and file, I think the OpenID Auth crypto handshakes and state machine are conforming only with OpenID 1.1.
 
What I'd love someone to do is backport this all to Mono, including the Ping .NET compiled libraries. Then, we can run it all on Mono on Linux too.
 
Peter.


