Tuesday Mar 06, 2007

OpenID on OpenSSO

Paul Bryan, one of our 'external' OpenSSO committers, has been hard at work implementing an OpenID identity provider for OpenSSO. You can take a look at his work so far at openid.pbryan.com - by the time you read this, there might even be some test accounts available there to play with. I spent a happy half hour last night logging into Jyte, FirstSSO, OpenID Wiki and more.

Watch for the source appearing at OpenSSO any day now...

Wednesday Jan 17, 2007

Signing off for two weeks

Well - Familia Patterson is off to London today for brother-in-law's wedding. Kim Cameron responded to my recent entry on minimal disclosure in CardSpace/InfoCard - unfortunately I won't get a chance to follow up on that for a couple of weeks.

Oh - and Scott Kveton just added me to Planet OpenID. Thanks, Scott!

l8r! Cool Shades!

Tuesday Dec 05, 2006

YADIS/XRI Identifier Resolution with SAML 2.0

This week at Internet Identity Workshop 2006b I've been demonstrating some work I've been doing to combine YADIS/XRI Identifier Resolution (as in OpenID) with SAML 2.0 Web Browser SSO Profile. The user experience is:

  1. I go to a service provider (relying party)
  2. I enter my identifier (URL or i-name)
  3. I authenticate at my identity provider
  4. I can access services at the service provider

The magic takes place between steps 2 and 3: the service provider resolves the user's identifier, which might be a URL or an i-name, to the location of a SAML 2.0 identity provider. The service provider can now do vanilla SAML 2.0 with the identity provider. The easiest way to see what's going on is via a demo, so, here you go:

Click to view Flash presentation

By the way - the service provider is implemented on top of Project Lightbulb. I need to do some tidying first, but I'll put the YADIS/XRI code there soon.

UPDATE - coverage of this demo at IIW2006b:

Friday Dec 01, 2006

57 Varieties of Identifier-based Authentication

Johannes posts about the ongoing work on exploring the synergies between SAML and OpenID in an entry titled Eve and Pat, SAML and OpenID. It's worth reading to get an idea of just how things are coming together. One correction, though, Johannes - you give a table of identifier-based authentication flavours, but you left an important one out. Here is a fuller version:

Of course, the magic of Yadis makes this all very transparent to the user, but, I wonder, how do IdPs and SPs decide which flavour they prefer?

Wednesday Nov 29, 2006

Podcasting and Webcasting

It's been quite a week already and it's only Wednesday night! Yesterday, I was interviewed by Aldo CastaƱeda for 'The Story of Digital Identity' - Aldo's regular podcast. The conversation centered on Project Lightbulb (a sub-project of OpenSSO) - the PHP implementation of SAML 2.0. We covered a lot of ground, looking at the motivation behind Lightbulb and what I'm working on right now - figuring out how we can bring together some aspects of OpenID with SAML 2.0. There are some interesting synergies here, and I'm looking forward to talking about them at IIW2006b next week in Mountain View. If you're not too interested in digital identity, you can always skip to about 47"50' to hear all about single malt Scotch whisky

This was my first podcast experience and a lot of fun it was, much less intense than a webcast (no slides!). Aldo is doing a great job, and I felt quite honored to be a part of 'STODID'. This series of podcasts really is required listening if you want to keep up with what's going on in digital identity.

By the way, you'll need iTunes or Quicktime to play the podcast. I didn't have any luck with Windows Media Player or RealPlayer. Other players might also work - feel free to leave a comment.

Today's event was a webcast for the Liberty Alliance, again focusing on Project Lightbulb, but this time with slides and a demo. In the demo I show how to SAML 2.0 enable a simple PHP application by dragging in the Lightbulb files and editing 4 PHP scripts. I fall off the high wire one time , but recover quite gracefully

The webcast is archived (you might need to scroll down a bit - look for 'Open Source Identity for the Web 2.0 Era'), but you have to download the Webex player to watch it.

I wonder what the rest of the week will bring...




« June 2016