Distinguishing communities for fun and profit

Pat Patterson has done a wonderful thing in creating Planet Identity, a time-saving device of the first order (for those among us who are identity-crazed…). There I found this musing by the erudite Paul Madsen on how it’s possible to identify SAML community members (what he calls SAML’ites): we talk about “back-channel” communications — SOAP-based communications (versus “front-channel” ones — browser-intermediated). According to Paul, other similar technology systems don’t call out back-channel communications specially.

Actually, Liberty’ites (Libertarians? nope, that’s taken) were the ones who introduced this locution formally, so I don’t believe this distinguishes between the Liberty and SAML communities. I can suggest one that does.

Liberty introduced a neat “reverse-SOAP” means of communication that cleverly piggybacks SOAP messages on top of HTTP going the other way around, so that you can do identity-related messaging with devices that aren’t SOAP-aware but are otherwise “identity-smart” (not mere unmodified commercial browsers). Colloquially, this is known as PAOS. Here’s the abstract from the relevant spec (which exhibits some characteristics of both front and back channels, by the way):

SOAP is a lightweight protocol for the exchange of information in a decentralized, distributed environment. SOAP enables exchange of SOAP messages using a variety of underlying protocols. The formal set of rules for carrying a SOAP message within or on top of another protocol (underlying protocol) for the purpose of exchange is called a binding. Here a binding is specified that enables HTTP clients to expose services using the SOAP protocol. The primary difference from the normal HTTP binding for SOAP is that here a SOAP request is bound to a HTTP response and vice versa. Hence the name “Reversed HTTP binding for SOAP”.

In its Version 2.0, SAML adopted this PAOS method as one of its protocol bindings. Here’s the kicker: I’ve noticed that in SAML discussions, this is usually pronounced “pay-oss”. But in Liberty meetings, it’s pronounced “paah-ose” — by some of the same people. What’s with that??
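To make the "SOAP request bound to an HTTP response" idea in the abstract concrete, here is an in-process sketch of one PAOS round trip. It is an added example, not code from the Liberty or SAML specs. The `application/vnd.paos+xml` media type, the `PAOS` HTTP header, and the `paos:Request`/`paos:Response` header blocks follow the PAOS binding; the URLs, message ID, payloads and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 namespace
PAOS = "urn:liberty:paos:2003-08"                    # PAOS namespace
PAOS_TYPE = "application/vnd.paos+xml"

def envelope(header_tag, attrs, body_text):
    """Build a SOAP envelope with one PAOS header block and a text body."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    hdr = ET.SubElement(env, f"{{{SOAP}}}Header")
    ET.SubElement(hdr, f"{{{PAOS}}}{header_tag}", attrs)
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, "payload").text = body_text  # constructed payload
    return ET.tostring(env)

def server_http_response(http_request):
    """Server: reverse the binding only if the client advertised PAOS support."""
    if PAOS_TYPE not in http_request["headers"].get("Accept", ""):
        return {"status": 200, "headers": {"Content-Type": "text/html"},
                "body": b"<html/>"}
    soap_request = envelope("Request", {
        "messageID": "msg-1",                             # constructed
        "responseConsumerURL": "https://sp.example/paos",  # constructed
    }, "who-are-you")
    # The SOAP *request* travels inside the HTTP *response*.
    return {"status": 200, "headers": {"Content-Type": PAOS_TYPE},
            "body": soap_request}

def client_handle(http_response):
    """Client: answer the embedded SOAP request with a new HTTP request."""
    if http_response["headers"]["Content-Type"] != PAOS_TYPE:
        return None                       # ordinary page, nothing to answer
    req = ET.fromstring(http_response["body"]).find(
        f"{{{SOAP}}}Header/{{{PAOS}}}Request")
    # refToMessageID ties the SOAP response back to the SOAP request.
    soap_response = envelope(
        "Response", {"refToMessageID": req.get("messageID")}, "answer")
    return {"method": "POST", "url": req.get("responseConsumerURL"),
            "headers": {"Content-Type": PAOS_TYPE}, "body": soap_response}

def run_exchange(accept):
    """One round trip: the client's GET, then its follow-up POST (or None)."""
    first = {"method": "GET", "url": "https://sp.example/resource",
             "headers": {"Accept": accept, "PAOS": f'ver="{PAOS}"'}}
    return client_handle(server_http_response(first))
```

A client that does not list the PAOS media type in `Accept` simply gets an ordinary page back, which is why the binding coexists with unmodified browsers.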

2 Comments to “Distinguishing communities for fun and profit”

  1. Superpat 7 June 2005 at 10:04 pm #

    Libertines? :-)

  2. […] Now, because you’re a human, the technical methods for achieving this other half don’t necessarily look exactly like the methods used in the traditional half. For example, Liberty’s identity web services framework (which is normally a back-channel, machine-to-machine sort of thing) has what it calls an interaction service, which allows an identity service to check with a human to gain their consent in synchronous fashion before releasing information about them. Robin’s post linked above quotes Kim Cameron, who is commenting on the legal aspects of circles of trust: Now, perhaps I am just a man with a hammer who sees everything in the world as a nail, but the paper reinforced my thinking that the more our systems are built to guarantee that the user is the conscious agent of information release (rather than having this done on his behalf), the better privacy is served, and the simpler our lives become from a legal and policy point of view. […]