Archive for April, 2007

Next-gen identity apps: now playing near you

Fulup Ar Foll, an incredibly talented person and one of my (many) favorite colleagues at Sun, has done it again. He’s got serious chops as a master architect in deploying identity and security services, and he’s also a riveting speaker who can convey the value proposition in terms that are easy for anyone to grok. It’s a close second-best to read slides that he’s put together, so you really need to check out his latest: Next Generation of Identity Aware Applications (PDF), presented at the OASIS Symposium a couple of weeks back.

I’ve blogged in recent months about public-sector/eGovernment uses of SAML2 and Liberty Web Services because I think it makes for an interesting and challenging set of use cases. Citizens and other constituents, such as tax-paying businesses, have a lot of important requirements for their identity-enabled interactions with their governments. Privacy, and in some cases (like e-voting) anonymity, count for a lot. And governments have an interesting set of problems that reflects somewhat of a harsher reality than private-sector enterprises have. Given all this, and since eGovernment has been such a fast-moving space, I think the private sector can benefit from the “debugging” that the public sector has done. Fulup lays out such situations neatly in these slides, and even (gasp) invokes the phrase “user-centric” in describing their architectural requirements.

The presentations from last week’s Liberty eGovernment Workshop in Brussels make a nice counterpart. They were delivered by representatives of government agencies from all over, including several I haven’t touched on before.

So if you’re pining for a trip around the world but can’t get away just now, do the next best thing and check out these resources.


Technology@Sun

I spent a heady couple of days this week at the Technology@Sun conference. The physical setting was beautiful and, unusually for this sort of event, the attendees got to enjoy the out-of-doors a little bit as we strolled between our rooms and the main building. But even better was the chance to hear from, and interact with, some very smart and accomplished people (hi Ken!). We filled four rooms with technical posters, and the organizers built in plenty of hallway and poster-discussion time. (I know I wasn’t the only one thinking that a little unconferencing next time wouldn’t go amiss.)

Josh Simons, who helped run the event, has more. But he’s missing the crucial piece — a picture of Mike Splain wearing his official Chief Engineer’s hat. Oh yeah…

Mike Splain, Chief Engineer (with Niagara 2 hat pins)


Talkin’ ’bout my generation

My Mudcat bandmates and I often joke that we’re in a “geezer band”. Luckily, it seems that we’re doing exactly the right thing to stay young. Presenting The Zimmers! (Don’t miss their MySpace page.)

Don’t forget that going to live music performances also has an anti-aging medicinal effect. If you’re in the Seattle area next weekend, come on down for a draught or two…


WS-Federation TC roundup and thoughts

A proposal for a new OASIS Technical Committee called WSFED was submitted on March 19 for the “continued refinement” of WS-Federation V1.1. Following OASIS process rules, a period of public comment was held; you can see the official comments in these mailing list archives (Sun’s comments are here). The TC proposers will have a teleconference tomorrow to discuss the comments.

Tim Bray has offered some of his trademark bracing commentary, and the Burton Group has blogged some commentary and analysis, wherein they specifically invite further comments.

Some previous analysis of WS-Federation with respect to SAML, on a fairly detailed technical level, can be found on Hubert’s blog. Elsewhere he notes an analysis done by the Danish government at a higher business and technical level, ultimately motivating their selection of SAML V2.0. (A couple of previous posts of mine about SAML2 usage in the public sector put additional meat on the bones of this sort of analysis.)

I’m proud to have been involved in a number of successful convergence activities. In a way, any standards effort that codifies current practice has a strong element of convergence or boiling down, but when it’s an explicit effort to make there be fewer stacks in the world so that usage and deployment can surge forward, it’s really something cool. SAML V1.0 itself converged the S2ML and AuthXML camps. SAML V2.0 converged the SAML V1.x, Shibboleth profile, and Liberty ID-FF streams. It’s not easy to do, and even when the parties are very friendly towards each other, there are challenges. But first, the lightbulb has to want to change.

I can think of a number of activities that could promote convergence. To give deployers of federated identity technologies the best confidence that the results will be useful and interoperable, I personally think that a program of profile, extension, and/or binding definition activities in the Security Services (SAML) TC is the ideal way to go — it comes with long expertise, lots of existence proofs, and even an interoperability certification program run by the Liberty Alliance. But any joint effort that gets the parties committed to addressing overlaps in a standards body would be helpful.

UPDATE 5 Apr 2007: The telecon was held this morning. TC convener Paul Cotton responded to the collected comments by reading from a prepared text that gave the same answer 30 times: “Proposed response: no changes to the WSFED TC charter are required.” The sole exception was to accept the comment noting extraneous characters. Message received loud and clear! :-) Further reaction can be found at Paul’s place and in comments at the Burton blog.

UPDATE 11 Apr 2007: The comment resolution log has been posted.
