During last week's Project Concordia call, we had an interesting discussion about cross-protocol identity use cases and scenarios. Ashish made a very good observation during this call: many times when we are discussing identity protocol transitions or cross-protocol use cases, we are not so much dealing with protocol interoperability, but rather with a protocol mashup.
Proper interoperability - in this definition - requires the ability to interpret foreign protocols and have full access to the semantical content. I have sometime referred to this level of interoperability as interchangeability. An example of such high level of interoperability would be the ability to extract authorization data from a Microsoft Kerberos ticket and use the NT-PAC data to create a SAML attribute statement.
A protocol mashup on the other hand would only require very limited knowledge about the semantics of another protocol, but instead it simply profiles the use of one protocol (or in this case: identity system) with another. A simple example would be the use of self-signed InfoCards to authenticate to an OpenID Provider.
tag: interoperability, identity, Liberty Alliance, OpenID, InfoCard
Copyright by Gerald Beuchelt.
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.
In addition, my opinions can change. This weblog provides a momentary snapshot of such opinions. Existing posts that were written in the past do not necessarily reflect my current thoughts and opinions.
For the purposes of attribution, the author is "Gerald Beuchelt" and attribution shall provide a (clickable, where possible) URL to this site.
© 2008, Gerald Beuchelt
E-mail