[Concordia] OpenID Vs SAML

Don Schmidt donsch at windows.microsoft.com
Thu Jul 2 20:33:37 EDT 2009


I agree with all the individual points in this thread, except the count of protocols.  I would just like to remind everyone of a point that Brett made a few days ago (that was acknowledged as very wise).  We are in a multi-protocol world whether we like it or not.  And it is not just a matter of two identity/authentication protocols ... there are potentially 5 that I know of.

I co-presented with GSA personnel last week in Washington, DC.  They are refreshing the eAuthentication Federation Adopted Schemes.  It currently includes PKI and SAML.  They are planning to add OpenID, InfoCards and WS-Federation.

So any decisions we make about how to support "both protocols", or how to describe the level of identity/authentication assurance for "both protocols", or how to express the level of assurance for attributes/claims for "both protocols" ... is shortsighted.

This should not fundamentally change any of the design considerations being discussed.  But it is important to remember that we should be planning for N claims delivery mechanisms, not just 2 protocols.

--des

-----Original Message-----
From: community-bounces at projectconcordia.org [mailto:community-bounces at projectconcordia.org] On Behalf Of McGovern, James F (HTSC, IT)
Sent: Thursday, July 02, 2009 7:12 AM
Cc: community at projectconcordia.org
Subject: Re: [Concordia] OpenID Vs SAML

I am of the belief that this situation will not get better until
industry analysts acknowledge their role in the world of identity. They
need to solve for the following:

1. Research of identity protocols to date is centered around identity
products where consumers may benefit from learning which non-identity
products in the space of BPM, ECM, CRM, etc can support both protocols
natively.

2. There is a lot of value in some of the open source offerings out
there that get zero coverage. For example, if you were to read an
analyst report on JBoss, would you come to learn that it supports SAML
natively?

3. How about them eating their own dogfood and making sure that they use
for access to research. It was so cool when I went to the European
Identity Conference and the guys at Kuppinger Cole were passing out
Information Cards to log into the analyst site. I am aware of only one
other analyst firm that even has this on their radar.

4. This morning I had the need to download some files from two vendors
that participate on this list and I still had to use a traditional
credential. This is sad especially when they sell technology that could
make this problem go away. Maybe if analysts started calling them out,
the story would get better.

5. I was looking at the SaaS world where salesforce.com seems to be the
most publicized in terms of SAML support. The analyst mention has been
more of a press release than true analysis. How about outlining some
things that are missing such that customers are more informed and also
know what to ask?

-----Original Message-----
From: Cahill, Conor P [mailto:conor.p.cahill at intel.com]
Sent: Thursday, July 02, 2009 8:33 AM
To: Patrick Harding; dave at davekearns.com; Scott Cantor; McGovern, James
F (HTSC, IT)
Cc: community at projectconcordia.org
Subject: RE: [Concordia] OpenID Vs SAML


This depends upon which "customer" you are talking about.   If you mean
end-users, then I totally agree.  If, on the other hand, you mean an IT
department that is purchasing a product to fit into their network, then
yeah, they do care about the protocols.

Ultimately the IT type guys want that auto-switching 110-250v 50-60 Hz
power supply type plug in for SSO so that it just works wherever you
plug it in.

Ultimately the other customer doesn't even want to know about SSO....
they just want to get to their stuff wherever they go.

Conor