Blogger: Bob Blakley
Paul Madsen, commenting on my recent post regarding the Catalyst user-centric identity interop, argues that the event didn’t demonstrate the existence of a metasystem. Robin Wilton agrees with him, as does Gerald Buechelt, who adds his criterion for what would constitute a metasystem:
“Even though there have been a number of different products and projects that successfully worked together, this technology is a far cry from being an identity meta-system. Multiple-protocol interop on the wire would be a true metasystem, and is a goal that various systems -- Liberty, OpenID, and Windows CardSpace included -- would need to work on together. Concordia is (probably more than) a first step towards this goal.”
Even if it were true that there was only one protocol demonstrated on the wire at the Catalyst interop event (which it is not; for example, a variety of different protocols were used to authenticate Identity Selectors to IDPs), I reject the assertion that you can’t have a metasystem without protocol diversity.
It was not a longing for different bitstreams on the wire which gave rise to the desire for an identity metasystem – it was a real honest-to-God human need: “I want to be able to visit different sites without having to create a new account at every site, and I want to do this in a way which doesn’t involve publishing everything about myself to everybody in the world”.
Meeting this need required the identity community to invent at least one set of protocols which enabled different identity systems (not “protocols”) to work together to allow users to carry their identity information around with them.
The fact that it ties multiple systems together is why it’s called a meta-system. Notice that it’s not called a “meta-protocol”.
At the Catalyst interop event we saw users exporting managed cards from different Identity Provider systems into the same Identity Selector system. We saw users using cards from the same Identity Provider system with different Relying Party systems. We saw users authenticating to different Identity Provider Systems with the same (OpenID) credential. We saw several configurations of these components working together with no Microsoft CardSpace components involved at all.
If the Liberty community and the WS-* community want to keep arguing with one another about whose protocols need to be in the mix before we call that mix a metasystem, I suppose there’s nothing that can stop them from doing that. But the argument doesn’t help actual people or actual businesses get any interesting work done.
The participants in the Catalyst interop did help actual people and actual businesses get interesting work done. That’s why OSIS is organizing more interops in the future; bringing Liberty-compliant components to these events and working with the other participants to make them interoperate with everyone else’s technologies would be much more useful than whining about how many protocols must dance on the head of a pin before we’re allowed to call it a meta-pin.
Incidentally, as both Gerald and Jeff Bohren note, the Catalyst interop was the second such event OSIS has organized. I mentioned the first – held at IIW 2007a – in my initial posting. I participated in the IIW interop and did not summarize it here only because Dale Olds has already posted an extensive and excellent writeup of the event.