IdP vs OP (WAS: RE: "Editors" Conference Call)
Dick Hardt
dick at sxip.com
Tue Nov 7 15:41:49 UTC 2006
On 6-Nov-06, at 10:25 PM, Drummond Reed wrote:
> Why? It's because in a user-centric identity, the OP is fundamentally
> ********NOT******** (that enough stars for you? ;-) the provider of
> anyone's "identity".
It is providing the OpenID protocol service though, correct?
Not sure if you are wanting to suggest a different name ... are you?
> Let me elaborate. In the last 2 months, I've had numerous
> conversations with SAML proponents asking me, "Why is there so much
> interest in OpenID? It's just reinventing SAML without a lot of the
> complexity." And each time I admit that, to the best of my knowledge,
> this is largely true.
Just like SMTP was reinventing X.400 and LDAP was reinventing X.500. ;-)
Seriously, SAML is a bunch of things:
+ an abstract message specification (SAML 2.0)
+ a collection of bindings of the message specification to various protocols
The big difference is:
+ the simplicity of the message,
+ a lower bar to entry both from a technical and a trust point of view, and
+ a complete system description that can be deployed
It is likely that a future OpenID extension/version uses the SAML
message format as more complexity is required in the message.
-- Dick