[OpenID] Real Identity Verification

George Fletcher gffletch at aol.com
Tue Nov 4 12:59:46 UTC 2008


Unfortunately, no "Identity Foundation" but there is "Project Concordia" 
[1] which is a group of companies and individuals looking to solve "real 
world" use cases that cross the different identity protocol "boundaries".

Thanks,
George

[1] http://www.projectconcordia.org/

Steven Livingstone-Perez wrote:
>
> Thanks Nate. I didn’t realize there was an Information Card foundation too.
>
> Slight aside, but is there an “Identity Foundation”? A group of people 
> and resources from each of these projects that as consumers we could 
> follow easier? Would be nice if there was an advantages/disadvantages, 
> libraries, suggested architecture and so on to help decision makers 
> (not just business, but technical level).
>
> You see my point to them was that Shibboleth will be useful for users 
> under their control and their core applications, but OpenID would be 
> very good for their public forums, discussions and so on – things that 
> are to be more fluid. I would love to point them at a 
> “proven/suggested architecture” diagram rather than creating my own.
>
> steven
>
> http://livz.org
>
> *From:* Nate Klingenstein [mailto:ndk at internet2.edu]
> *Sent:* 04 November 2008 12:20
> *To:* Steven Livingstone-Perez
> *Cc:* 'Rebecca Cannon'; general at openid.net
> *Subject:* Re: [OpenID] Real Identity Verification
>
> Steven,
>
>     They are likely to go with Shibboleth (currently using Athens) at
>     the core because of the higher level of trust and verification as
>     compared to OpenID.
>
> The UK Federation for Access Management is up to 618 members 
> (http://www.ukfederation.org.uk/), and they're working very hard to 
> ensure a consistently good level of practices and trust throughout. 
> It's truly multilateral and a high level of assurance, and they've 
> done excellent work.
>
>
>
>     I argued that to the public user OpenID is much easier to attain and
>     run with – especially with Google, Microsoft, Yahoo etc. now
>     supporting it.
>
> This is no doubt true, but I think that Yahoo, Microsoft, and Google 
> offer a very different level of trust and verification with their 
> email accounts. They've got a business to run.
>
>
>
>     There was also the argument that you can protect resources directly
>     using Shibboleth. Now maybe someone working on this can correct me,
>     but my guess is that if you can’t already, you will soon be able to
>     map an OpenID to a token (say a SID in Windows) and you’ll protect
>     resources using the common operating system rather than a brand new
>     way of protecting resources. True?
>
> Shibboleth's SP design is more at work here than anything 
> protocol-related here. The SP is built to protect resources and paths 
> directly, like a filter, with very little to no modification of or 
> integration into the application. As far as integration with the 
> operating system goes, if CardSpace rises from the grave -- four days 
> too late for that metaphor to be good -- then we'll all be in good 
> shape regardless. Microsoft's new Geneva identity suite will probably 
> offer a lot of integration, with all the good and "aaaargh" that comes 
> with that.
>
> http://www.theregister.co.uk/2008/10/30/microsoft_generva_hailstorm/
>
> I'd like to remind people to focus a little less on protocols we use 
> and a little more on trust structures. OpenID as a protocol couldn't 
> support these trust structures today, partially by design; that could 
> change in the future as the set of deployers changes. Today, 
> Shibboleth is, in my incredibly biased opinion, a fine choice for your 
> application that requires trusted identity from known sources and 
> privacy for your users.
>
> Thanks for the interesting anecdote,
>
> Nate.
>

-- 
Chief Architect                   AIM:  gffletch
Identity Services                 Work: george.fletcher at corp.aol.com
AOL LLC                           Home: gffletch at aol.com
Mobile: +1-703-462-3494
Office: +1-703-265-2544           Blog: http://practicalid.blogspot.com



