By far the most enjoyable and creative part of developing technology is
when you can have a free-flowing brainstorming session where no idea is
too crazy and emerging technologies provide fodder for new approaches.
It was late, but everyone was energized by our "futures" session; the
conversation touched on new projects such as 'OAuth' and revisited one
we had discarded a few years back due to security concerns, 'OpenID'.
At the heart of it was our need to expand our identity management
infrastructure to serve more than just the sun.com domain. Clearly CDSSO
(cross-domain single sign-on) was central to that, but was that all
the business wanted, or did we need to provide federation using SAML with
multiple IDPs? CDSSO is provided out of the box with the Access
Manager Policy Agents, but it is a closed solution and would not be
available to our custom-built SOAP-based web service, which accounts for
85% of our clients. So do we reimplement CDSSO for our WS clients
or just provide full federation capabilities?
Fearing that we would miss our chance for some dinner, as it was
already past 11 PM, we shut down our laptops and coiled up our cords.
"I don't think it is clear what the business requirement is regarding federation,"
We walked downstairs to the next level and peered into the windows
set into the locked doors.
On one side a server room appeared close to completion with servers
in the racks, but the other room was still bare with some construction
materials to one side. Kathy wanted to take a picture but Nagendra
pointed to the watchman inside, "He may not like it". Kathy wondered
how they would handle the power outages that frequently occur in India.
We walked down to the next level. The watchman who was supposed to
take the little piece of paper that would document our leaving was slumped
over his station, sleeping.
Outside, off to the side, on the lawn that
was regularly watered and cared for, some people were still about;
a cigarette tip glowed red against their dark shapes gathered in the warm
"Technologies such as OpenID are popular because they are
so easy for the user," stated Ravi. "It's just a few point-and-clicks in the browser. It
won't matter that the technology has limitations or isn't secure; users will use it anyway."
"Compare that with SAML federation: users will not understand what we
mean when we ask them whether to 'link' their accounts," said Bob.
"The messaging will be tricky," Kathy agreed. "And I'm not sure what
our clients' appetite will be for doing the work on their side."
We walked down to the dirt road, watching the rocky uneven footing.
A ghostly shape on the dark road materialized into a white cow as
it walked closer. Two more cows, their darker coats harder to see in the night,
"Are these cows owned by someone or do they wander freely?" asked Bob.
"They have owners, and they do keep an eye on them; if you watch long
enough you will see people come by and check up on them," answered Ravi.
"It's amazing how they can keep track of them."
"So the cows are known, and they have owners they trust," commented Kathy.
"We could support OpenID in this way too," said Ravi, "only trust certain
We climbed into Ravi's SUV and headed towards the main street to
the "Great Kebob Factory" to have an excellent, if overly carnivorous,
late-night dinner.