The second integration scenario described in the paper could have come direct from yesterday's PR (albeit with an interesting SAML twist)
- signon.com has implemented phishing resistant authentication and supports Self-asserted Card Space authentication. Alice uses her CardSpace Identity Selector to authenticate to signon.com.
- After successfully authenticating Alice, signon.com use the OpenID protocol to redirect Alice back to isp.com
Really great news coming on Ping Identity.