Default style (Cherry Eve). Switch styles (Capricorn). Atom Feed Calendar
« Microsoft's InfoCard | Main | Infocard - Follow-up »
http://blogs.sun.com/hubertsblog/date/20050520 Friday May 20, 2005

Paul Madsen - WS-KindofInteresting

In this blog entry Paul discussed our (Sun) recent announcement of the Web Single Sign-On Metadata Exchange Protocol developed with Microsoft. I think he's raising interesting points on the interoperability issue.

First, a minor correction:

Sun and Microsoft recently announced some fruits of their relationship in the identity management and web services space, the wonderfully named WSSOMEP (I think they missed out on the chance to call it SOME (Sign On Metadata Exchange))

We actually refer to it as WSSOMEX (see in the Interoperability profile document) but SOME would have been cool indeed :-)

Then Paul suggests other ways to perform this 'What languages do you speak?' query:

So this is one way to address the 'what can the other guy do' issue. There are others. Here is my list:

  • ask the other guy (WSSOMEP model)

  • look it up (metadata file at well-known location)

  • ask somebody else (UDDI)

  • trial and error, e.g. use one of the suites and, if it works, fine. If not, glean something from the error message

To me the 2nd option is close to one method proposed in the protocol document to discover where the Identity Provider is located. One issue I can think of with such approach (or the 3rd one) is the lack of dynamicity and the requirement for the identity provider to provision this information ahead of time (plus the maintenance of it): it's a bit of a if you want to know something about me, just ask me direclty and you'll be sure to get up-to-date information kind-of-thing. The last method may seem dumb but when the number of possibilities is reduced (and one would argue it is greatly reduced as of today :-) ) it is actually pretty efficient; not scalable at all but efficient...

Paul then moves on to Liberty ID-WSF:

What others are there?

For Liberty's ID-Web Services Framework, the Web Services Consumer (WSC) is able to discover versioning support of its eventual partner Web Services Provider (WSP) by interacting with the Discovery Service. The knowledge it gains about the capabilities of the WSP is implicit however, it never explicitly asks the question 'what can the other guy do' but rather 'give me everything I need in order to talk to the other guy'. The 'everything I need' includes the required versioning info.

I find very interesting that Paul refers to the versioning mechanism used in ID-WSF as I to think there is quite a bit of overlap between the 2 mechanisms (at least scope-wise). Of course the difference is that the model used in WSSOMEX does not rely on a 3rd party (the DS in ID-WSF) that speaks the same language than the requester so we need to define protocol (could be hand waving...); we should investigate how Liberty could leverage something like WSSOMEX (or WSSOMEX directly once it gets into a standards org. but that is a separate topic).



Posted at 02:36PM May 20, 2005 by Hubert Le Van Gong in Identity  |  Comments[0]

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
www.flickr.com
hubert_levangong's photos More of hubert_levangong's photos

View My Stats