Wednesday December 20, 2006
Too Tagged To Ignore It...
Okay, I've now been tagged by at least 3 different esteemed colleagues (Conor, Gerry and Paul - alphabetical order so as to not favor anyone) so I guess I need to act upon it. So here we go:
- My paternal grandfather (Dr. Nguyen Van Thach) was a politician in Vietnam (Saigon). Although he too favored independence (from the French), he was assassinated by the Communists in 1946, triggering the exodus of my family to France.
- I always wanted to be a fighter pilot but my eyes failed me...
- My favorite seasoning is nuoc-mam (aka fish sauce). My wife always complains that I put it on every dish, thus ruining them (what can I do? I grew up with that!)
- I may have some British ancestor (shocking!)

- Here's a secret recipe for beautiful children: ethnic mixity. Mine are half French, a quarter Cantonese and a quarter Vietnamese and they're beautiful!

I guess I should tag other people now...hmm...since I've waited too long it seems pretty much everyone in Identity has been tagged already!
Wait, I know who has been spared so far: Brett, Timo, Takashi. You're it!
Posted at 04:41PM Dec 20, 2006 by Hubert Le Van Gong in General | Comments[0]
WS-Federation version 1.1 is out, 3 years after...
So, it seems Microsoft, IBM et al. have decided to release a new version of WS-Federation, more than 3 years after their first version. I've done a quick read of it and listed some of the most noticeable changes below:
- Structurally there is now only one document. The passive, active and various interoperability profiles have all been combined in this single document. I tend to think this is a good thing since all these profiles were certainly creating confusion. IMHO they were also showing a certain lack of testing before the first publication, hence leading to the need for additional interoperability profiles (but I'm being controversial here...).
- All the protocols have been combined in a single big section (13)
- The focus seems to be more on the active requestor rather than the passive profile which is mainly addressed in section 13.6
There are some new features in this spec too:
- Federation metadata: with the concept of context to describe the fact of belonging to one or more federations (what SAML or Liberty Alliance calls a Circle of Trust (CoT))
- Authorization service & Pseudonym service: these are basically specialized versions of an STS in order to be able to include either attributes or pseudonyms along with the token that's being issued.
At this point it really looks like WS-Federation 1.1 is mimicking most of SAML 2.0's functionality, although I think there are a few differences that I'll explore in a forthcoming post.
Finally, can someone tell me why in the world they decided to expand SSO as single sign-out when everyone else in the industry understands it as single sign-on?! Talk about confusing people...
Posted at 03:09PM Dec 20, 2006 by Hubert Le Van Gong in Identity | Comments[3]