Language / Security/identity · 2005-06-06

Distinguishing communities for fun and profit

Pat Patterson has done a wonderful thing in creating Planet Identity, a time-saving device of the first order (for those among us who are identity-crazed…). There I found this musing by the erudite Paul Madsen on how it’s possible to identify SAML community members (what he calls SAML’ites): we talk about “back-channel” communications — SOAP-based communications (versus “front-channel” ones — browser-intermediated). According to Paul, other similar technology systems don’t call out back-channel communications specially.

Actually, Liberty’ites (Libertarians? nope, that’s taken) were the ones who introduced this locution formally, so I don’t believe this distinguishes between the Liberty and SAML communities. I can suggest one that does.

Liberty introduced a neat “reverse-SOAP” means of communication that cleverly piggybacks SOAP messages on top of HTTP going the other way around, so that you can do identity-related messaging with devices that aren’t SOAP-aware but are otherwise “identity-smart” (not mere unmodified commercial browsers). Colloquially, this is known as PAOS. Here’s the abstract from the relevant spec (which exhibits some characteristics of both front and back channels, by the way):

SOAP is a lightweight protocol for the exchange of information in a decentralized, distributed environment. SOAP enables exchange of SOAP messages using a variety of underlying protocols. The formal set of rules for carrying a SOAP message within or on top of another protocol (underlying protocol) for the purpose of exchange is called a binding. Here a binding is specified that enables HTTP clients to expose services using the SOAP protocol. The primary difference from the normal HTTP binding for SOAP is that here a SOAP request is bound to a HTTP response and vice versa. Hence the name “Reversed HTTP binding for SOAP”.
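The reversal described in that abstract, as an added example that is not code from the post or from the Liberty spec: a Python simulation of the three HTTP messages, with the SOAP request riding in the HTTP response and the SOAP response in the client's next HTTP request. The `PAOS` header, namespace and media type follow the Liberty PAOS binding; the service URN, paths, payloads and function names are constructed for illustration.

```python
import uuid
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
PAOS_NS = "urn:liberty:paos:2003-08"
PAOS_MEDIA = "application/vnd.paos+xml"
SERVICE = "urn:example:constructed-service"  # constructed, not a real service URN

def envelope(block, attrs, payload):
    """Build a SOAP envelope carrying one paos:Request or paos:Response header block."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    hdr = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    ET.SubElement(hdr, f"{{{PAOS_NS}}}{block}", {f"{{{SOAP_NS}}}mustUnderstand": "1", **attrs})
    ET.SubElement(ET.SubElement(env, f"{{{SOAP_NS}}}Body"), "Payload").text = payload
    return ET.tostring(env, encoding="unicode")

def client_first_request(path):
    # Message 1: an ordinary HTTP request that advertises PAOS support.
    return {"method": "GET", "path": path, "body": "", "headers": {
        "Accept": f"text/html, {PAOS_MEDIA}",
        "PAOS": f'ver="{PAOS_NS}"; "{SERVICE}"'}}

def server_respond(http_req, consumer_url):
    # Message 2: the server places a SOAP *request* in the HTTP *response*.
    h = http_req["headers"]
    if PAOS_MEDIA not in h.get("Accept", "") or PAOS_NS not in h.get("PAOS", ""):
        return {"status": 200, "headers": {"Content-Type": "text/html"}, "body": "<html/>"}, None
    msg_id = uuid.uuid4().hex
    attrs = {"responseConsumerURL": consumer_url, "service": SERVICE, "messageID": msg_id}
    return {"status": 200, "headers": {"Content-Type": PAOS_MEDIA},
            "body": envelope("Request", attrs, "constructed-query")}, msg_id

def client_answer(http_resp):
    # Message 3: the client places the SOAP *response* in a new HTTP *request*.
    req = ET.fromstring(http_resp["body"]).find(f"{{{SOAP_NS}}}Header/{{{PAOS_NS}}}Request")
    body = envelope("Response", {"refToMessageID": req.get("messageID")}, "constructed-answer")
    return {"method": "POST", "path": req.get("responseConsumerURL"),
            "headers": {"Content-Type": PAOS_MEDIA}, "body": body}

def server_accept(http_req, expected_id):
    # Accept only a PAOS-typed POST whose refToMessageID matches the request we issued.
    if http_req["headers"].get("Content-Type") != PAOS_MEDIA:
        return False
    resp = ET.fromstring(http_req["body"]).find(f"{{{SOAP_NS}}}Header/{{{PAOS_NS}}}Response")
    return resp is not None and resp.get("refToMessageID") == expected_id

if __name__ == "__main__":
    resp, mid = server_respond(client_first_request("/resource"), "/paos/consumer")
    print(server_accept(client_answer(resp), mid))
```

A client that does not send the `PAOS` header simply gets the normal HTML response, which is how the binding coexists with unmodified browsers.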

In its Version 2.0, SAML adopted this PAOS method as one of its protocol bindings. Here’s the kicker: I’ve noticed that in SAML discussions, this is usually pronounced “pay-oss”. But in Liberty meetings, it’s pronounced “paah-ose” — by some of the same people. What’s with that??