OpenID and a few cows
By KitchenSink on Jun 22, 2009
By far the most enjoyable and creative part of developing technology is when you can have a free-flowing brainstorming session where no idea is too crazy and emerging technologies provide fodder for new approaches.
It was late but everyone was energized by our "futures" session. The conversation touched on new projects such as 'OAuth' and revisited one we had discarded a few years back due to security concerns, 'OpenID'.
At the heart of it was our need to expand our identity management infrastructure to serve more than just the sun.com domain. Clearly CDSSO (cross-domain single sign-on) was at the heart of it, but was that all the business wanted, or did we need to provide federation using SAML with multiple IDPs? CDSSO is provided out of the box with the Access Manager Policy Agents, but it is a closed solution and would not be available with our custom-built SOAP-based web service, which comprises 85% of our clients. So do we reimplement CDSSO for our WS clients or just provide full federation capabilities?
Fearing that we would miss our chance for some dinner as it was already past 11 PM, we shut down our laptops and coiled up our cords. "I don't think it is clear what the business requirement is regarding federation," remarked Kathy.
We walked downstairs to the next level and peered into the windows set into the locked doors. On one side a server room appeared close to completion with servers in the racks, but the other room was still bare with some construction materials to one side. Kathy wanted to take a picture but Nagendra pointed to the watchman inside: "He may not like it." Kathy wondered how they would handle the power outages that frequently occur in India.
We walked down to the next level. The watchman who was supposed to take the little piece of paper that would document our leaving was slumped over his station, sleeping.
Outside, off to the side, on the lawn that was regularly watered and cared for, some people were still about; a cigarette tip glowed red against their dark shapes gathered in the warm Chennai night.
"Technologies such as OpenID are popular because they are so easy for the user," stated Ravi. "It's just a few point and clicks in the browser. It won't matter that the technology has limitations or isn't secure; users will use it anyway."
"Compare that with SAML federation; users will not understand what we mean when we ask them whether to 'link' their accounts," said Bob. "The messaging will be tricky," Kathy agreed. "And I'm not sure what our clients' appetite will be for doing the work on their side."
We walked down to the dirt road, watching the rocky, uneven footing. A ghostly shape on the dark road materialized into a white cow as it walked closer. Two more cows, their darker coats harder to see in the night, followed.
"Are these cows owned by someone or do they wander freely?" asked Bob. "They have owners, and they do keep an eye on them. If you watch long enough you will see people come by and check up on them," answered Ravi. "It's amazing how they can keep track of them."
"So the cows are known and they have owners they trust," commented Kathy. "We could support OpenID in this way too," said Ravi, "only trust certain OpenID providers."
We climbed into Ravi's SUV and headed towards the main street to the "Great Kebob Factory" to have an excellent, if overly carnivorous, late-night dinner.