Thursday, March 29, 2007

WS-* Specs and Project Higgins

ws-* specifications have generated a lot of buzz in the industry. So has the SAML community. There is lots of convergence between the camps. Then there is CardSpace from Microsoft that relies heavily on a number of ws-* specifications.

A notable project that I am keeping my eyes on is the Project Higgins project that provides some mechanism to do things in a pluggable and a generic way.
By the way, a nice post from Jason Greene about signing/encryption stuff with ws-security implementation in JBoss Web Services here:
Here is an interesting group of people working on the Identity Meta System called as "Identity Gang".
Monday, March 19, 2007

Demos Links Please

There are multiple players in the Identity Space - CardSpace, SAML, Liberty, OpenID etc.

It will be good to list all the demos/presentations here for the uninitiated.

Open ID Presentation by Simon Willison

ID Theft is exploding in the US - a new study

Well, a study to send chills up our spines.

Decentralized Identity and OpenSSO

Recently someone mentioned that OpenSSO does Centralized Identity where as decentralized identity should be the real future. Apparently the person told me that Ping Identity has decentralized identity notions.

Well, I cannot fully agree that decentralized identity is the ideal thing for enterprises and partners. It does make a lot of sense with OpenID, CardSpace etc. But are these the real future? Maybe Kim will disagree with me.

I am looking for comments on this. I have not done a detailed investigation into OpenSSO and its architecture. Wonder if Pat can highlight on this topic of 'OpenSSO and Centralized Identity'.

Federated Identity and Federated Authorization

We are more used to the term "Federated Identity" when dealing with IDM. But James McGovern asked a question wondering about a occasional dependence between these two.

Pat Patterson has given a decent outlook on this linking SAML and XACML.
Now, Conor has wildly dismissed the need for Federated Authorization when dealing with Federated Identity. I totally agree with Conor.
I guess, James realized that his question did not get across properly, which I think is genuine.
Friday, March 16, 2007

Eve Maler's SAML Parfait

Very interesting post by Eve on SAML
Scanning through Eve's blogs, found a bunch of links that may be useful to others:

XACML Interop Event

A day after I posted about Burton's XACML interop push, I have been invited to participate in the next interop, under the auspices of OASIS. That was quick, Burton Group.

Interoperability events are very important for the industry. I am sure Burton Identity Group is a critical group for Enterprise Customers.

I have been approved into the XACML Technical Committee at Oasis last week. I need to get a little more active there.

Wednesday, March 14, 2007

Burton's bet on XACML

JBoss 5.0 will have pluggable XACML Authorization support. We are integrating Sun's open source XACML implementation, that is an effort of Seth Proctor and Anne Anderson (both are XACML gurus).

Given this the following post from Burton's Identity Group is pretty interesting.
XACML is cool. Pain points are horrid xml, performance and lack of extensions for things like the EJB layer (where custom schema kicks in). Out goes the question of interoperability across JEE vendors.