Wednesday, June 13, 2007
Thoughts on CardSpace and Java
Kim Cameron of Microsoft discussed how they will be providing support for Cardspace in other languages. I hope that he will consider the following thoughts as they move forward...
Gerry Gebel of The Burton Group will also be performing an interoperability event at their upcoming Catalyst conference in this space. Whether you look at Oracle with their CoreID product, CA with their Siteminder product, Tivoli with their product or Sun with Access Manager product, all the web access management products in the marketplace will rapidly move forward with creating support for Cardspace in terms handling the relying party part of the equation.
The part that I suspect will be detrimental to Cardspace has more to do with the identity provider and the issuance of cards. Consider the fact that all of these vendors also have identity management products and therefore will naturally conclude that card issuance should be a feature that is built in and here is where it gets twisted. The thing that most vendors won't necessarily conclude is that there is a low correlation between the folks that may use their web access maangement products to those who are also using the same vendors identity management products which will result in the lack of companies being able to generate managed cards as part of the solution and may get left stuck.
At some level, Microsoft has made the same mistake by embedding support for card issuance into their products without necessarily providing guidance on how card issuance should work at a higher level. For example, .NET 2.0 comes with the notion of a SQLMembershipProvider but what about if you are using another form of store?
Hopefully, collectively Kim and Gerry could encourage all the vendors working in this space to develop separate libraries that are enterprise friendly to enable card issuance against any data source we may use whether it is custom COBOL code exposed through RACF or something stored in LDAP and to not couple it to products they may already have. In the same way that Microsoft exposed a Visual Studio Toolkit to create Cards, the equivalent should exist within Eclipse.
The ideal scenario for customers for a first release would the way to create card issuance via generic code in Java and Ruby on Rails where a user describes a map between their stores and the claims they require. Of course, this code/library should be unrestricted open source as it may need to be embedded within other products whether a CRM system, custom developed appication, etc.
OpenID is also fast approaching yet it seems as if they are two disparate communities. From the perspective of the enterprise, support for both approaches should come from usage of one common code base...
| | View blog reactionsGerry Gebel of The Burton Group will also be performing an interoperability event at their upcoming Catalyst conference in this space. Whether you look at Oracle with their CoreID product, CA with their Siteminder product, Tivoli with their product or Sun with Access Manager product, all the web access management products in the marketplace will rapidly move forward with creating support for Cardspace in terms handling the relying party part of the equation.
The part that I suspect will be detrimental to Cardspace has more to do with the identity provider and the issuance of cards. Consider the fact that all of these vendors also have identity management products and therefore will naturally conclude that card issuance should be a feature that is built in and here is where it gets twisted. The thing that most vendors won't necessarily conclude is that there is a low correlation between the folks that may use their web access maangement products to those who are also using the same vendors identity management products which will result in the lack of companies being able to generate managed cards as part of the solution and may get left stuck.
At some level, Microsoft has made the same mistake by embedding support for card issuance into their products without necessarily providing guidance on how card issuance should work at a higher level. For example, .NET 2.0 comes with the notion of a SQLMembershipProvider but what about if you are using another form of store?
Hopefully, collectively Kim and Gerry could encourage all the vendors working in this space to develop separate libraries that are enterprise friendly to enable card issuance against any data source we may use whether it is custom COBOL code exposed through RACF or something stored in LDAP and to not couple it to products they may already have. In the same way that Microsoft exposed a Visual Studio Toolkit to create Cards, the equivalent should exist within Eclipse.
The ideal scenario for customers for a first release would the way to create card issuance via generic code in Java and Ruby on Rails where a user describes a map between their stores and the claims they require. Of course, this code/library should be unrestricted open source as it may need to be embedded within other products whether a CRM system, custom developed appication, etc.
OpenID is also fast approaching yet it seems as if they are two disparate communities. From the perspective of the enterprise, support for both approaches should come from usage of one common code base...
