Security/identity · 2007-02-16

Viewing identity in landscape mode

I must be used to Seattle weather by now; my visit to San Francisco last week for the RSA Conference provoked a bit of annoyance at the pelting “hard rain” we saw all week, vs. the (wafting?) “soft rain” I’m now used to. Goodness knows how I’d get through a Boston winter at this point. But once I was safely indoors, rain dripping from my conference-giveaway hooded windbreaker, the conference provided a great experience.

I spoke with Brett McDowell in the Industry Experts track on the last day, on the subject of Federated Identity: Evolving Past Industry Strife. (I’m trying to keep my publications page updated; you should always be able to find links to my talks there.) In this talk we introduced the Liberty Alliance, reviewed its major technical spec deliverables and deployment patterns to date, and discussed some of the complementary, overlapping, and distinguishing features and “convergence touchpoints” of many of the technologies in the landscape — SAML, Liberty Web Services, CardSpace, and OpenID, and even WS-*.

We also described a new program called Concordia (after the Roman goddess of agreement, understanding, and marital harmony!), in which Liberty is offering to serve as a collection point for real-world use cases around heterogeneous deployments of identity technologies and do interoperability testing around them, in the manner that it already does testing certification for SAML2 and ID-WSF. It’s quite likely that this exercise will uncover even more convergence touchpoints and, I hope, multi-party commitments to better protocol alignment and unification into the works. Stay tuned for more info about the program as a whole.

Relatedly, Liberty’s new site has some broad surveys of the space in wiki form, to which anyone can contribute: the Related Projects page and the Identity Landscape page. I plan to keep an eye on these.

I may have caught up on email, and recovered from the cold I had last week, but I’ve still got a bunch of thoughts saved up and I’ll try to share them here in the next few days. Will that qualify as a steady drip, drip, drip? (Five points for identifying the original reference for that…)