Wednesday, November 21, 2007

Play the cards you were dealt

Update: Drummond corrects me, diagrams revised accordingly below.


Higgins has created a taxonomy of i-cards.

I believe the following captures the relationships as expressed.

In his recent announcement of about upcoming SAML support in Higgins, Paul suggests the possibility of an 'S-card', shown here

Where an S-card would be some XML instance pointing at a SAML IdP including necessary endpoints for the client to send/forward SAML protocol messages, with metadata about what identity attributes that IdP can provide, possibly with particular policy characteristics (e.g. security and/or authentication mechanism etc). Sounds likea a profile of SAML metadata.

NTT's SASSO 'SAML IDP on your phone' model balances things out nicely.


No comments: