Friday, February 16, 2007

Metasystem Permutations & Combinations

Ping's 'Internet Scale Identity' paper looks at the Big 4 identity systems (SAML, Cardspace, ID-WSF, and OpenID) and analyzes each with respect to its support for (oversimplifying):
  1. User authentication (Cardspace & ID-WSF)
  2. Subsequent front-channel SSO & attribute sharing from IDP to RP (Cardspace, SAML & OpenID)
  3. Subsequent back-channel Attribute Sharing from AP to SP (ID-WSF, some SAML & emerging OpenID)
If a single identity transaction can be
  • #1 on its own
  • #1 followed by #2
  • #1 followed by #2 followed by #3
then we can add up the theoretical combinations and permutations as follows:

2 + (2*3) + (2*3*3) = 2 + 6 + 18 = 26

So, it seems there are 26 different ways to combine the 4 systems into identity transactions. Include X.509-auth direct to RPs and the list only grows.
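The count can be checked by enumerating the chains themselves, as in this added example (not from the original post or from Ping's paper). It uses the stage memberships exactly as listed above; the function names are hypothetical, and treating X.509 as one more stage-1 option is an assumption about where it fits.

```python
from itertools import product

# Stage membership exactly as listed in the post (the author's own oversimplification).
STAGES = [
    ["Cardspace", "ID-WSF"],            # 1. user authentication
    ["Cardspace", "SAML", "OpenID"],    # 2. front-channel SSO & attribute sharing
    ["ID-WSF", "SAML", "OpenID"],       # 3. back-channel attribute sharing
]

def transactions(stages=STAGES):
    """Every chain of systems: stage 1 alone, 1 then 2, and 1 then 2 then 3."""
    chains = []
    for depth in range(1, len(stages) + 1):
        chains.extend(product(*stages[:depth]))
    return chains

def multi_system(chains):
    """Chains that involve more than one of the systems."""
    return [c for c in chains if len(set(c)) > 1]

def with_extra_authenticator(name, stages=STAGES):
    """Assumption: model an extra authenticator (e.g. X.509) as a stage-1 option."""
    return [stages[0] + [name]] + stages[1:]

if __name__ == "__main__":
    chains = transactions()
    for c in chains:
        print(" -> ".join(c))
    print(len(chains), "chains,", len(multi_system(chains)), "span more than one system")
    print(len(transactions(with_extra_authenticator("X.509"))), "chains with X.509 added")
```

Only 3 of the 26 chains stay within a single system, and none of the three-stage chains do, since no system appears in all three lists.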

Higgins has its work cut out for it.
