Chris Swan's Weblog


Home | Pages | Archives


A good week for identity management

August 4, 2009 10:50 am

I spent the weekend in the North-East of England visiting family and friends, so I didn’t spend as much time as usual with Google Reader keeping up with events in the IT (and broader) world. As I did a mammoth catch up session on the way home I came across two things that I think were necessary, inevitable, took too long to happen, but I’m glad that we got there in the end:

1. Finally an open XACML API – I said some time ago (in this blog post, and during Q&A following my presentation at Catalyst Europe) that XACML was like LDIF for entitlements, without an LDAP – an interchange format without an interface. It’s great to see that some of the major players have finally got around to tackling this one. Hopefully this is the first step towards entitlements being factored out of every application (and service) that we use.

2. Google Apps + OpenID = identity hub for SaaS – it would be easy to dismiss this as yet another announcement of an OpenID identity provider (IDP), which the world is already awash with. I think this one is different however for a number of reasons:

Having had two wishes granted here’s my third…

Google (or a third party working with Google) – please give me a means to provide strong(er) authentication. I will pay for the tokens, but I don’t want to have to build a directory, RADIUS server and enterprise like federation capability just so that I can play. Give me a means to sign in that’s better than just passwords (and some choice over whether that’s an OTP, smartcard, biometric, out of band message or whatever) and a means to let third party RPs know that I signed in strongly, and the SaaS world will take a huge step forward. A repeat of ‘Twittergate‘ can be avoided.

Posted by Chris Swan

Categories: identity, security

Tags: , , , , , , , , , , , ,

One Response to “A good week for identity management”

  1. […] I also at that time highlighted an issue – XACML was ‘like LDIF without LDAP’ – that it was an interchange format without an interface. It was going to be hard for people to universally adopt XACML based systems unless there was a standard way to plug into them. Luckily this was fixed the following year by the release of an open XACML API (which I wrote about in ‘A good week for identity management‘). […]

    By Authorization | Chris Swan's Weblog on May 17, 2013 at 8:23 am

Leave a Reply



Mobile Site | Full Site


Get a free blog at WordPress.com Theme: WordPress Mobile Edition by Alex King.