[OpenID] [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research
Peter Williams
pwilliams at rapattoni.com
Sun Oct 19 20:27:54 UTC 2008
http://blog.pingidentity.com/blog/ctotalk/2008/03/31/Dynamic-SAML-Article-in-IEEE-Security-Privacy
references Nate, FYI.
Discussion of one dynamic discovery practice in SAML2 actually available today (that IS just as easy as OpenID, I can attest, having tried both) is at http://blog.pingidentity.com/blog/ctotalk/2008/01/30/Trusting-Meta-Data
OpenID is arguably more simple in its metadata model, but assumes much higher user competence. (Just how many grandmas can really edit their blog landing page's HTML file? My blog provider (Microsoft Spaces) edited out my metadata tags when I tried...and doesn't even tell the user! Their review team apparently view any and all such OpenId1 mechanisms as an "inherently insecure" practice for consumers to exploit, from what I can tell.
But this is really irrelevant. Convergence is now happening nicely, focused on what it is that OpenID added to the pot (metadata-driven protocols flows).
Sure, there are dynamic extensions to SAML like those defined by Shibboleth for dynamic metadata sharing, but out-of-the-box nothing I've been exposed to thus far quite matches the simplicity of the OpenID model.
=shane
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081019/583257ee/attachment-0002.htm>
More information about the general
mailing list