Blogger: Bob Blakley
Paul Madsen, commenting on my recent post regarding the Catalyst user-centric identity interop, argues that the event didn’t demonstrate the existence of a metasystem. Robin Wilton agrees with him, as does Gerald Buechelt, who adds his criterion for what would constitute a metasystem:
“Even though there have been a number of different products and projects that successfully worked together, this technology is a far cry from being an identity meta-system. Multiple-protocol interop on the wire would be a true metasystem, and is a goal that various systems -- Liberty, OpenID, and Windows CardSpace included -- would need to work on together. Concordia is (probably more than) a first step towards this goal.”
Even if it were true that there was only one protocol demonstrated on the wire at the Catalyst interop event (which it is not; for example, a variety of different protocols were used to authenticate Identity Selectors to IDPs), I reject the assertion that you can’t have a metasystem without protocol diversity.
It was not a longing for different bitstreams on the wire which gave rise to the desire for an identity metasystem – it was a real honest-to-God human need: “I want to be able to visit different sites without having to create a new account at every site, and I want to do this in a way which doesn’t involve publishing everything about myself to everybody in the world”.
Meeting this need required the identity community to invent at least one set of protocols which enabled different identity systems (not “protocols”) to work together to allow users to carry their identity information around with them.
The fact that it ties multiple systems together is why it’s called a meta-system. Notice that it’s not called a “meta-protocol”.
At the Catalyst interop event we saw users exporting managed cards from different Identity Provider systems into the same Identity Selector system. We saw users using cards from the same Identity Provider system with different Relying Party systems. We saw users authenticating to different Identity Provider systems with the same (OpenID) credential. We saw several configurations of these components working together with no Microsoft CardSpace components involved at all.
If the Liberty community and the WS-* community want to keep arguing with one another about whose protocols need to be in the mix before we call that mix a metasystem, I suppose there’s nothing that can stop them from doing that. But the argument doesn’t help actual people or actual businesses get any interesting work done.
The participants in the Catalyst interop did help actual people and actual businesses get interesting work done. That’s why OSIS is organizing more interops in the future; bringing Liberty-compliant components to these events and working with the other participants to make them interoperate with everyone else’s technologies would be much more useful than whining about how many protocols must dance on the head of a pin before we’re allowed to call it a meta-pin.
Incidentally, as both Gerald and Jeff Bohren note, the Catalyst interop was the second such event OSIS has organized. I mentioned the first – held at IIW 2007a – in my initial posting. I participated in the IIW interop and did not summarize it here only because Dale Olds has already posted an extensive and excellent writeup of the event.


Hear, hear! I lived through the days of the ISO stack in the DoD, when TCP and TP4 tried to coexist. I also have done more IBM SNA than I ever want to admit.
We have one protocol now, TCP/IP, and yet, boy!, do we have an Internet.
I am working on plugging payment providers and merchants together using the InfoCard "protocols". They work just fine. This is not only a whole 'nother domain of identity providers (card issuers), it is a whole 'nother identity use case.
The Catalyst interop is great news indeed!
- TooTallSid
Posted by: TooTallSid | August 09, 2007 at 03:40 PM
When can I start using InfoCards to sign on to TypeKey or TypePad? :O)
Posted by: TooTallSid | August 09, 2007 at 03:41 PM
"If the Liberty community and the WS-* community want to keep arguing with one another about whose protocols need to be in the mix before we call that mix a metasystem..."
Bob, the point I was trying to make, perhaps clumsily, was not about the success of attempts to achieve interoperability between multiple protocols, or multiple instances of a given protocol. As Gerry Beuchelt [sic] points out, the Concordia initiative represents a very positive and productive gathering of WS-*, Liberty and other stakeholders to work on those issues, among others.
Nor was I trying to cast aspersions on the work done at the interop workshop you were reporting on.
I was just nit-picking about the use of the term 'metasystem' to refer to something which, to my mind, isn't one.
Looking beyond the current interop activity - which I hope continues in all its forms - to a future point where there genuinely is a 'metasystem' to describe all the different ways of processing digital forms of identity: what will we call it, if the term 'metasystem' has been prematurely applied to something else?
Posted by: Robin Wilton | August 27, 2007 at 12:02 PM