Security/identity · 2009-03-16

Mydex demo: lovely identity harmonics

Asa Hardcastle, OpenLiberty rock star, has posted some details on an exciting demo he’s put together on behalf of Mydex.

The demo is a pretty sophisticated combination of identity-related technologies: information cards for authentication and transfer of service-bootstrapping info; XRI for keying into the Mydex personal datastore and some user-driven services; the Identity Web Services Framework (ID-WSF) for pointing off to other loosely coupled services; and SAML as the (ahem) “universal-solvent” assertion format. The use case being addressed here illustrates what, to me, is an important point: we are going to need both front-channel (through the user/user agent) and back-channel (service-to-service) data sharing in the real world, and our identity-enabled architectures need to empower individuals as fully as possible even in the latter case.

Iain Henderson of Mydex is plumbing an interesting issue in Vendor Relationship Management; he calls it Volunteered Personal Information or VPI. Iain’s VPI Special Interest Group is currently working on encapsulating an individual’s contract terms for data-sharing, and I believe this work will ultimately apply to the entire VRM problem space and, indeed, to all cases of “free-agent” identity on the ‘net. Check it out!