Robin Wilton's esoterica

Sun scores "straight greens" for Liberty interop


Good news from the Liberty Alliance and Drummond Group, where the latest round of interoperability testing - for the SAML 2.0 specifications - has recently concluded. Here's the matrix of products and tests. You'll see that, as well as Sun, HP, IBM, RSA, EMC's Security Division and Symlabs all submitted products to the test.

Naturally, I'm delighted to see Sun's Federated Access Manager (FAM) getting the green light in every test across the board, because it's all very well aiming to be a thought leader on identity federation, but that doesn't do much for the stock price if you can't then also put the vision into practice. Huge congratulations to the product team...

As Superpat has already blogged, there's a series of podcasts going out through the new FAMTalk website, so you can hear about FAM and the principles it puts into action from people who really know what's under the covers.

Finally, though, I was particularly pleased to see that four out of five of the products tested implement the Attribute Authority specifications. That may sound like a rather off-beat reason for happiness, but here's why I think it's significant.

Take a basic model for identity data - such as the 'onion' model we produced from the Liberty PPEG Privacy Summits. The 'heart' of the onion is your 'basic identifier set' - the small number of data items which, say, most governments would rely on to establish your uniqueness in some register of citizens (typically, name, gender, date of birth, place of birth). The next layer out includes things which often reliably identify you but which might also reasonably change over time - such as your address.

The outer layer of the onion includes a host of other attributes which, when used with your identity data, provide the means to make authorisation decisions, describe your healthcare needs, establish your entitlements, and so on. The data in this layer is often highly specific to the sector, service or application in question. For instance, the attribute "C1E" means that I am entitled to drive a van with a trailer attached... as long as it's interpreted in the context of my driving licence. So for the data in this layer to work, it must have a high degree of what BT's Piotr Cofta refers to as 'contextual integrity'.

That contextual integrity is also key to managing my privacy. In fact, for a definition of 'online privacy', you could do a lot worse than something along the lines of "managing the contextual integrity of the data subject's attributes, within and between contexts".
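To make the "C1E" point concrete, here is an added illustration (my own sketch for this post, not code from Sun, FAM or the Liberty Alliance) of what a relying party has to do to preserve contextual integrity when it consumes a SAML 2.0 attribute statement: the value "C1E" is only allowed to mean anything when the Issuer of the assertion is an authority for the driving-licence context. The issuer URIs, the attribute name `licence-category` and the two assertions are constructed samples; the SAML namespace and element names are the real ones from the specification.

```python
"""Contextual integrity of attributes: a value such as "C1E" only carries
meaning when read in the context of the authority that asserted it.
Added illustration; issuer URIs, attribute names and the XML below are
constructed samples, not real assertions from any vendor or authority."""
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed: which issuers are trusted to speak for which context.
# An attribute is only interpreted inside a context whose authority asserted it.
CONTEXT_AUTHORITIES = {
    "driving-licence": {"https://licensing-authority.example/idp"},
    "healthcare": {"https://health-service.example/idp"},
}


def parse_attribute_statement(xml_text):
    """Return (issuer, {attribute_name: [values]}) from a SAML 2.0 assertion."""
    root = ET.fromstring(xml_text)
    issuer_el = root.find("saml:Issuer", NS)
    if issuer_el is None or not (issuer_el.text or "").strip():
        # Without an Issuer the attributes have no context at all: refuse them.
        raise ValueError("assertion has no Issuer; attributes have no context")
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return issuer_el.text.strip(), attrs


def attribute_in_context(xml_text, context, name):
    """Return the values of `name` only if the assertion's issuer is an
    authority for `context`; otherwise None (the attribute is out of context)."""
    issuer, attrs = parse_attribute_statement(xml_text)
    if issuer not in CONTEXT_AUTHORITIES.get(context, set()):
        return None
    return attrs.get(name, [])


def may_tow_trailer(xml_text):
    """Authorisation decision: "C1E" is only meaningful in the driving-licence
    context, so the same string from a healthcare issuer must not grant anything."""
    cats = attribute_in_context(xml_text, "driving-licence", "licence-category")
    return cats is not None and "C1E" in cats


def _assertion(issuer, attr_name, values):
    # Constructed minimal assertion; real ones also carry Subject, Conditions
    # and an XML Signature, which a real relying party must verify first.
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (
        f'<saml:Assertion xmlns:saml="{SAML_NS}" Version="2.0">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        "<saml:AttributeStatement>"
        f'<saml:Attribute Name="{attr_name}" '
        'NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">'
        f"{vals}</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
    )


# Constructed samples: the licensing authority asserts category C1E; a health
# service asserts the same string, which in its context means nothing.
LICENCE_ASSERTION = _assertion("https://licensing-authority.example/idp",
                               "licence-category", ["B", "C1E"])
HEALTH_ASSERTION = _assertion("https://health-service.example/idp",
                              "licence-category", ["C1E"])

if __name__ == "__main__":
    print(may_tow_trailer(LICENCE_ASSERTION))  # True: right attribute, right context
    print(may_tow_trailer(HEALTH_ASSERTION))   # False: same string, wrong context
```

The design point is that the relying party never looks up an attribute by name alone; it always asks "which context, and is this issuer an authority for it?" first. That is the small amount of extra discipline that an Attribute Authority profile makes possible, and why it matters that most of the tested products implement one.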

So my prediction for 2008 (or at least, my fervent hope) is that all of us - technology vendors, data subjects, policymakers - will become more aware of, and better at, managing the contextual integrity of attribute exchange. It's a wonderful principle, but it would make a lousy T-shirt. ;^)

« January 2008 »