Monday, March 10, 2008

Prove It (or Fox-Terriers and Small Horses)

On the capabilities of (now) Microsoft's U-Prove crypto, I keep coming across:

U-Prove works with SAML, Liberty ID-WSF, and Windows CardSpace

Does it? I hope it will for all three, but as far as I know, U-Prove hasn't as yet been profiled or demonstrated to do so for any of them.

I imagine that Microsoft & Credentica discussed at great length the 3rd integration before the (RSA) private keys for contract signing came out, and will be spending a not insignificant amount of time going forward on the details (reconciling what appear to me to be 'topological incompatibilities').

As for the integration with SAML, dunno. For that with ID-WSF, double dunno.

A search is revealing: the phrase 'U-Prove works with SAML, Liberty ID-WSF, and Windows CardSpace' begins its life in a Credentica whitepaper but, unconstrained by such a likely subjective origin, moves on from there - to occurrences in respected (and unaffiliated) blogs and news articles.

The phenomenon (unquestioned repetition of an original unverified claim) reminds me of a Stephen Jay Gould essay called "The Case of the Creeping Fox Terrier Clone", in which he tracked the memeology of the 'about the size of a fox-terrier' descriptor for Hyracotherium/Eohippus, the earliest (and smallest) member of the horse family. Facts notwithstanding (Eohippus was not the size of a fox-terrier), the descriptor persisted through countless high-school science books.

To clarify, I hope 'U-Prove works with SAML, Liberty ID-WSF, and Windows CardSpace'. I even believe it will eventually. But, at least currently, to say so is to make a claim, and should be treated as such, with a healthy dose of doubt (and for me personally, I always mix my doubt with cynicism).

1 comment:

christian said...

Hey Paul,

Yes, the “claim” originated from Credentica documentation, relating to investigation we did back then. The U-Prove technology consists of a set of protocols, which can be profiled by many standards/frameworks, including SAML and Liberty ID-WSF (using advanced clients’ functionality).

We wanted at the time, when we joined Liberty Alliance, to push things forward. We investigated integration points; but it did not resonate strongly enough with the right people and it did not justify for us to “demonstrate” this integration by building a working showcase (not a light task!).

As for SAML, we wrote an internal profile to protect SAML assertions with ID Tokens. We even had some sample code working, which might see the light of day eventually.

Now, this profiling work is still valid, and may be continued if there is an opportunity.

Yes, the focus at first will be to integrate the technology into WS-Trust/CardSpace. But the goal, as expressed by many, is to make this part of the identity infrastructure, whatever this infrastructure will look like.

Hopefully we might work together in the future to “demonstrate” these claims!