[OpenID] Infocards [SAML Token] Vs OpenID Infocards [OpenID Token]
Peter Williams
pwilliams at rapattoni.com
Wed Dec 19 19:38:53 UTC 2007
I still avoid the "laws". Having just been on an internationalized certification course in IT security, they were notably absent from the discussion of best practice, standards etc when discussing I&A for distributed systems.
Using "SP affiliations", SAML provides for reputation services in its WebSSO profiles. Whether the SAML profile used in infocard can exploit SP affiliations is not known (to me.). Right now, the fundamental question is: to infocard or not infocard. Subtleties can wait. First, lets see some large companies go live, with cost models for support that are reasonable. Then, can the incremental cost of delivering the infocard model be brought down to about 5-10c per consumer/user per month.
________________________________
From: Johnny Bufu [mailto:johnny at sxip.com]
Sent: Wed 12/19/2007 11:00 AM
To: Peter Williams
Cc: Prabath Siriwardena; general at openid.net
Subject: Re: [OpenID] Infocards [SAML Token] Vs OpenID Infocards [OpenID Token]
The same OpenID identifier can thus be used across many RPs (if one
wishes to build reputation around it), a feature which I believe
cannot be accomplished with the current Infocard + SAML specification
which strictly enforces the directed identity law.
Johnny
More information about the general
mailing list