Monday, September 25, 2006

2d is just sooo last year

My friend Patrick Harding from Ping ID has blogged a nice graphic in which he plots various identity protocols onto a 2D grid.

I question the boundaries and positioning of many of Patrick's ellipses:
  • SAML's ability to cover the user-centric use cases is minimized.
  • Cardspace's relevance to the enterprise is marginalized.
  • Managed Cardspace is shown as enabling more valuable transactions than SAML.
  • Liberty WSF isn't shown.
  • The extreme of the 'user-centricity' axis is typified by 'self-asserted identity' (suggesting to me that 3rd party asserted identity is somehow incompatible with "pure" user-centrism)

Regardless of the details (Patrick and I have disagreed before), I think such diagrams are valuable in providing a framework for discussion. So, I was prompted to update my own similar analysis and plot another "identity system" onto the 3 (yes Patrick, 3, count 'em) axes I proposed.

Consequently, below is a plot for the SAML 2.0 Enhanced Client Profile (ECP), distinguished by:
  1. how identity flows 'through' the user agent and thereby enables direct control by the user
  2. the possibility of an asymmetric relationship between the SP and the IDP (as the client can mediate)

By any definition I've seen, SAML ECP is user-centric and so, at minimum, the SAML ellipse in Patrick's diagram should be stretched to the right (and a separate, much smaller, ellipse created for WS-Fed, maybe using a dotted line).

2 comments:

Mark Wahl said...

The shading on your 3D shape suggests it is a toroid (donut), so might have a 'hole' at its very center where it does not provide coverage?

Paul Madsen said...

Mark, the donut shape is an artifact of how I created the 3d shape in OpenOffice. I did receive a tutorial on how to remedy this but didn't get around to applying the fix.