[OpenID] Reconsidering http://openid different from https://openid
Peter Williams
pwilliams at rapattoni.com
Sat Sep 22 04:15:49 UTC 2007
Let's note that there is nothing in the "concept" of OpenID that is particularly new. It's just WebSSO. It's been around a while in various guises, and various predictions. Here are some old ones:-
http://www.internetnews.com/xSP/article.php/3411_1014961.
http://www.infoworld.com/articles/hn/xml/03/01/07/030107hnliberty2.html?s=IDGNS
A little independent (old) commentary on Liberty (and holds for OpenID) is at
http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci896956,00.html?Offer=5NEWS
The whole flow of OpenID (with validation) is of course identical with that laid out at
http://www.smallnetbuilder.com/content/view/25970/113/1/3/ (!patent warning!)
To address a quite high assurance general-merchant network, you see what VISA actually does - to administer its trust domain (and sell affiliate services back to its own members!) at
https://partnernetwork.visa.com/vpn/global/category.do
Now where does all that fit if placed on our 0-100 scale, based on the 80/20 rule of getting anything to mass adoption? I'd argue the 100% space for webSSO is divided up something like:-
00-20 academic, no auth publishing
20-40 academic publishing with trackback/cookie-grade snooping/id
40-60 portal/campus (yahoo, LiveID, Internet2 etc)
60-80 merchant shopping/services accounts (e-commerce)
80-85 B2B (tradesecret, copyrights, licensing, billing, proprietary...)
85-90 secure payment (VISANet, ACH, UK-APACS etc)
90-95 Reuters, Lloyds, BigCompany Supply Chain Management, Telco
95-99 military/govt messaging
99-99.999999 police dossiers/intel (sordid sex and enemy lies)
0.000001 access to national secrets (that are worth a damn after 1 month)
OpenID seems to fit 30-50, and perhaps 80-85.
SAML fits 90-96. Arguably it also fits 80-85 though OpenID v3 could well compete there, if its costs/uptake is a better deal than the work of the traditional SAML vendor. A lightweight SAML2 could take on OpenID in 40-50 tho.
In strange cross-category industries like that servicing a complete Realty transaction, the space cuts across 50-96. Thus, a multi-protocol WebSSO strategy is called for. OpenID, 3dsecure, SAML2.