[OpenID] Transnational Shibboleth communities move against PKI - in favor of validation. Really?

[Peter Williams]

I wrote a long blog post (my first effort in a year) on OpenID, SAML, Shibboleth, and PKI. As always, the interesting points are in the trends involved. The fun part is to see where the intersections lie, and where the natural overlapping points are (or will be, once market forces get to work to force convergence).

http://yorkporc.spaces.live.com/blog/cns!5061D4609325B60!317.entry Rather than sounding like a properly organized academic paper, I hope that it sounds more like a blog post - without being a rant.

The post was finally motivated by moves within the SAML world to catchup to the lead held by OpenID2 - and let SAML2 SSO protocol runs now be wholly controlled by SAMl2 metadata "maintainer" authorities, focused on key management. Obviously, "catchup" is a  loaded characterization!

The fun part is that by taking only a sideways look at the proposal from the Shib world on metadata-based control systems, its more amenable to OpenID conceptions of the world than it might appear at first blush.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081011/c9f5476e/attachment-0001.htm>