Wednesday, April 25, 2007

Metasystem-schmetasystem

Premise: a single identity 'session' theoretically consists of the following stages (a real instance would be unlikely to have them all):
  1. Authentication
  2. Single Sign On
  3. User-agent mediated attribute exchange
  4. Server-to-server attribute exchange
  5. Single Log Out
Our various identity systems can be categorized by which of the 5 stages they address. My best guess:

Authentication
  • Cardspace
  • ID-WSF
Single Sign On
  • OpenID
  • SAML
  • Cardspace (smart client)
  • ID-WSF (smart client)
  • WS-Federation
User-agent mediated attribute exchange
  • SAML
  • Cardspace
  • OpenID (Attribute Exchange)
Server-to-server attribute exchange
  • ID-WSF
Single Log Out
  • SAML
  • WS-Federation

Only 60 combinations to work out. Easy peasy.
