Friday, October 05, 2007

Federasaurus?

Andre boasts about Ping ID's 'dynamic federation' ideas.

The ideas for more dynamic federation (as I currently understand them) are interesting, but I'm having trouble reconciling the 'only from Ping' with
a game-changing new set of features coming from Ping to completely streamline how to perform single sign-on with partners

with 'partners' implying as it does diversity of federation solutions?

Quibble, I don't believe the proposal streamlines SSO per se, but rather the prior 'trust provisioning'.

3 comments:

Fatguy said...

(From Patrick Harding - Ping CTO)
Automated trust provisioning is an important aspect. Also important is simplified IdP Discovery via email address, limiting the bindings to re-direct and Post which alleviates back channel deployment headaches, allowing opaque attributes to be passed from IdP to SP, etc. (sent from PDA)

Fatguy said...

Correction.

This won't be '...only Ping'. Everything we do will be open, documented and contributed to the community.

Tom Scavo said...

Andre, that's an interesting comment. In one paragraph, you touch on all the weak points of SAML federation. I really am interested in hearing more about what Ping is doing to solve these problems. Pointers?