- 12 myths about how the Internet works
- Smartphone smackdown: Storm vs. iPhone
- IETF: Should we ignore the Kaminsky bug?
- Top 10 wicked cool algorithms
- How to recession-proof yourself
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
Sometimes an idea occurs simply because it's time for it to occur. It occurs to multiple people in multiple places at, roughly, the same time. Often those ideas, brilliant though they may be in their own right, are simply the extension of the ideas of others - a synthesis of many thoughts to arrive at a new conclusion. That appears to be happening in identity right now. The last two issues have talked about the grand unified theory of so-called "enterprise-centric" and "user-centric" identity. Now comes a paper talking about the interoperability of the two major user-centric models: information cards and OpenID.
Pamela Dingle, from Nulli Secundis has just released a white paper called "Analysis of a User-Centric Interoperability Event". This is an objective look at the OSIS I3 Interop. Open Source Identity Systems (OSIS) is a meeting place/clearinghouse for those working on identity issues in the open source community. From late 2007 through the RSA conference in April 2008 OSIS conducted its third user-centric identity interoperability event (I3). Pam’s white paper is an analysis of that undertaking.
To paraphrase the introduction to the paper: I3 was a five-month “event” in which organizations, individuals, and projects working in the areas of information cards and OpenID collaborated to define and demonstrate their ability to transact successfully regardless of differences in hardware or software platform. Participants worked within each area to define and test acceptable behaviors for various situations that crop up when loosely coupled solutions communicate with each other via open protocols. Interop participants created results within two different matrices: feature test results which recorded adherence to acceptable behavior when explicitly tested, and cross-solution results which recorded overall interoperability between solutions with complementary roles. Combined, the participants recorded more than 1,200 mostly successful results.
The paper is very thorough – 30 pages of closely reasoned discussion including well documented looks at architecture, protocols and the “nitty gritty” of the two very different approaches to open source, user-centric identity. But Dingle’s own words say it better than mine:
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (3)
getting a 404 on the paper. Must be a bad linkBy Anonymous on September 2, 2008, 2:13 pmcan you publish a working link please? Thanks
Reply | Read entire comment
Fixing the link nowBy Anonymous on September 2, 2008, 12:08 pmSorry - we just fixed a typo and updated the name of the analysis, and in doing so we removed the version number. This link will work now: http://www.nulli.com/resources/documentsofinterest.php#I3Interop...
Reply | Read entire comment
Identity in the BrowserBy Luke on September 1, 2008, 12:28 pmDave, Thanks for bringing attention to the topic of information card and OpenID interoperability. We spend a lot of time thinking about this at Vidoop. Below...
Reply | Read entire comment
View all comments