Saturday, February 25, 2006
Outstanding Questions on Federated Identity
I previously asked several questions around Federated Identity and figured I would throw out a couple of additional ones in hopes that someone may know the answer?| | View blog reactions
- I remember in the early 90's there was a wonderful directory service known as StreetTalk that came with Banyan Vines. It seems as if Active Directory now has all the functionality of this particular directory service. Would it make sense for a startup to create Active Directory to run on non MS operating systems?
- xacml is a wonderful spec yet none of the identity bloggers seem to be talking about it. More importantly how XACML should be used in conjunction with SAML, InfoCard, SXIP and YADIS. Would be wonderful to hear your thoughts on it?
- The work of the Liberty Alliance still feels somewhat misguided to me. Only working on specs that software vendors who sell products to the enterprise seems limiting. Do they have any outreach program to folks who don't sell software to large enterprises but yet large enterprises interact with? Salesforce.com comes to mind which seems to not have much interest in directly consuming SAML. Has anyone from Project Liberty ever picked up the phone and talked directly with anyone at Salesforce.com?
- Extending the above question further, shouldn't the folks at the Liberty Alliance be working on specifications that could also be used by consumer applications? Why can't I use SAML to sign onto Yahoo, eBay, Amazon, LinkedIn, google and so on?
- The notion of an Enterprise Service Bus is starting to gain traction in corporate America. Many industry analysts are even recommending to their clients open source ESBs such as ServiceMix which has a larger installed base than many commercial ESB offerings. How should one think about consuming identity within an ESB? If you are of the belief that no one is either doing it and/or doing it incorrectly, what would it take to get a couple of vendors to extend ServiceMix so that it becomes the reference implementation for others to understand this problem-space?
- Many folks in the industry have championed specifications to stop email spam. Isn't the problem really centered around lack of good identity standards? Could SAML and/or XACML result in a better method for stopping spam?
- Current encryption techniques used in both SAML and WS-Federation still rely on components of public-key infrastructure. Have these folks ever heard of Identity Based Encryption? Shouldn't these two things converge?
- I have been having conversations with architects in other Fortune 100 enterprises who also believe that XACML will be huge yet none of the industry analysts have written any detailed research in this area. Anyone have thoughts on how we could get Gartner to produce a magic quadrant and Forrester to do a Wave on all the products that support XACML? I would love to see this emerge by the end of Q1 2006. Of course, I have already suggested it to them but I am a lone voice in the wilderness. Could others also ping them to indicate the importance of this matter?
- The media has jumped all over the GPL 3.0 license and its need for DRM software to include its source. I am of the belief that they are having the wrong conversation and have asked myself several questions in this regard. First, I know that many security algorithms that have stood the test of time were all publicly available. In fact, the notion of security algorithms being open source is at least 120 years old. Instead of recommending closed source approaches to DRM, isn't there a way to accomplish the same goal via open source? Likewise, isn't DRM really also about identity? Why not simply include SAML / WS-Federation hooks into DRM engines and leave the code itself open?
- I ran across a vendor Identity Engines which is putting identity in an appliance form factor. When does this approach make sense and when not?
- Their seems to be two vendors doing something really cool with identity, XACML and other specifications. They are Securent and Jericho Systems. How come no one is blogging about them or the space in which they play? I believe it will be huge. I wonder what it would take to convince Jon Udell of Infoworld to do a bakeoff between these two products in the Infoworld test labs?