10 January 2012

Identity and Authentification

Where it is going ??

Various organisation are working on the problem and its solutions. They produce specification draft, Use case studies, they try to attract members who are waiting for a solution to emerge.

Main players: OpenID & OAuth

OpenId is divided in two: OpenID 2.0 and OpenID Connect. It may be a real plus when linked with WebID, but is still experimental. The decentralized aspect is nice, but I am not sure if people are really concerned. Depending entirely on Facebook doesn't seem to bother anyone. So OAuth or even a proprietary Facebook protocol may seriously reduce OpenID success.

OpenID is supported by Google, Microsoft (LiveID = OpenID), and the US Governement (http://www.idmanagement.gov/)

OAuth 2.0 (IETF) looks like the most successful protocol. It can be used to login even if it was not its first goal.

OpenID and OAuth have a good adoption, which is critical for being relevant in the Identity space

The US "Federal Identity, Credential, and Access Management" (ICAM) validated OpenID 2.0 and SAML 2.0 as Trust Framework. They provide some good documents.

Experiments: WebID & BrowserID

WebID (W3C)

  • takes some idea from Microsoft InfoCard abandoned attempt (after the failed Passport attempt)
  • Avoid the hierarchical trust model used to authenticate servers
  • could moves toward a Web Of Trust, but does not even mention it.
  • Looks like it uses RDF to express Trust relationships ?

BrowserID https://browserid.org/ is a Mozilla Labs experiment with the simplified version of the "Verified Email Protocol". It is very simple and web oriented. It doesn't seems to be very successful so far.

Others ??

Usages

Identity in the Cloud (OASIS) is "just" a long and freightening list of use cases. For those who don't see the problem, it is a good read !

JSR 351 is a work in progress "to define API ... that facilitate the use of identity by applications ..." . It will bring standard Java API to well established standards: OAuth, OpenID ... and also annotations to avoid lookups.

Post a Comment

October summary - 2017-10

10 October Science Looks like the p-value has been under fire for years. https://www.nature.com/news/one-size-fits-all-threshold-for-p-value...