incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Recordon, David" <drecor...@verisign.com>
Subject RE: [PROPOSAL] Heraldry Identity Project
Date Thu, 29 Jun 2006 13:50:20 GMT
For the last IETF meeting, Dick Hardt of Sxip had created a mailing list called DIX (http://dixs.org
<http://dixs.org/> ) and had a BOF under the same name. It was focused on the Sxip 2.0
protocol as a way to move authentication and profile assertions. Sxip 2.0 is also based upon
OpenID 1.1 at a protocol level. During the BOF it was clear that there was not consensus that
the technology Dick was proposing would meet the needs of everyone at the IETF, nor did everyone
really understand the problem they were trying to solve.

After the BOF, Sxip documented a set of use cases as well as began investigating the use of
SAML assertions for exchanging profile data. Their goal was to create a light-weight version
of a SAML profile, though took it to the extreme that the current DIX proposal is not SAML
compliant. For this upcoming IETF meeting in July, two BOF requests we're received, one from
DIX and one from Sam Hartman called WARP. They have both been merged into a new BOF called
WAE (Web Authentication Enhancement) chaired by Pete Resnick.

In talking with Lisa Dusseault, ASF member and IETF Applications Area Director, it sounds
like the IETF would not be interested in standardizing a protocol above the HTTP layer. Rather,
they are looking at a 2-3 year process to modify something like TLS to support authentication.
Then once that is complete, it is possible using the same assertion format to provide a solution
above the HTTP layer with the appropriate security considerations documented. While this path
certainly isn't set in stone, it seems to be the direction the WAE BOF is going.

The OpenID community is not interested in circumventing the formal standards process, I can
say with my VeriSign hat on that we're also interested in a lower level solution, but the
community sees the need for something like OpenID today.

Hopefully that helps answer your questions, but please let me know if not.

--David


________________________________

From: Noel J. Bergman [mailto:noel@devtech.com]
Sent: Wed 6/28/2006 3:56 PM
To: general@incubator.apache.org
Subject: RE: [PROPOSAL] Heraldry Identity Project



David Recordon wrote:

> This is a proposal to create a project within the Apache Software
> Foundation to develop technologies around the emerging user-centric
> identity space.

> The project would start with [Yadis, OpenID, OSIS]

> Yadis is currently being standardized within OASIS as part of the XRI
> effort, OpenID has emerged as a de-facto specification, and OSIS does
> not depend on a specification

Can you speak about this vis-a-vis the fledgling IETF standards for
identity?

        --- Noel


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org






Mime
View raw message