do it. think it. blog it! ... a twisted world

Friday May 20, 2005

First came LDAP, then Single Sign On, then Provisioning, then sprouted Identity Management, and then Access Management, and from there on Federated Identity Management. All the major vendors like Sun Microsystems, Novell, Alcatel, Sentillion, Passlogix, Fujitsu, Evidian, Courion, Data Power, IBM, Verisign, Oblix, Netegrity, Nokia, Intel, RSA Security, Elios, Phaos, Oracle, Calendra, PingID, Thor, M-Tech, Computer Associates, Entrust, Axalto, Microsoft, HP scrambled around adopting Project Liberty standards and releasing their own version of Federated Identity Management Products. I thought that it would be a good thing to get involved in the circle of trust federated identity providers and keep up with the trends and technological advancements in this arena. Apart from getting a comfort factor from being able to learn and master the usability of all these products and their features, knowing their pros and cons, I believed that involving myself in just Project Liberty would suffice. I was so very wrong. Familiarizing myself with this range of vendor products was a daunting task by itself. As I started getting involved in discussions around these products, I got sucked into discussions around protocols, frameworks and specifications. Project Liberty was not the one stop shop. There was InCommon Federation, SWITCHaai, Athens Access Management, Meta Access Management, and so on... I wonder how much more there is to discover - I wonder what's NEXT? Kim, Andre, Chuck, Kaliya, Don, Ian, Kudo, I really could use some help here...
EXCERPT FROM EDUCAUSE PUBLICATION

The open-source Shibboleth System extends Web-based applications and identity management for secure access to resources among multiple organizations

The Shibboleth System includes two major software components: the Shibboleth Identity Provider (IdP) and the Shibboleth Service Provider (SP). These two components are deployed separately but work together to provide secure access to Web-based resources. A step-by-step description of the Shibboleth sign-on process follows. While the details may vary based on deployment choices, the steps below are typical. The players include the user, who wants to use a protected Web resource; the resource provider Web site, which has installed the Shibboleth SP software; and the user's home organization, which has installed the Shibboleth IdP software.

  • The user navigates to the Web resource using her browser. The resource site is protected, hence requires information about the user in order to decide whether access is permitted.
  • The Shibboleth SP software redirects the browser to a "navigation" page (called a WAYF, for "where are you from"), which presents the user with a list of the organizations whose users may access the resource.
  • The user selects her home organization, and the browser is sent to the home organization's Web site running the Shibboleth IdP software. This site uses a Web sign-on method chosen by the home organization. The user now sees the familiar login Web page of her home organization, enters her username and password, and selects the Login button.
  • The Shibboleth IdP software sends the browser back to the original resource site and includes in the message some security information called an "assertion" that proves the user signed on. The Shibboleth SP software on the resource site validates the assertion and then requests additional information (attributes, such as "faculty" or "student in Film327") about the user by making a request to the home organization's Shibboleth IdP service.
  • The Shibboleth SP receives the user's attributes from the home organization's IdP and passes them along to the resource provider's Web application. The application uses those attributes and its access policy to decide whether the user's access is permitted or denied, displaying the appropriate page to the user's browser.
Often, many of these steps can be skipped. The WAYF can set a cookie in the user's browser so that the user doesn't see that page the next time through. If the home organization's Web authentication service uses single sign-on and the user already has a session with it, the login page won't be seen. In many cases the user can get access to the resource without seeing any intermediate Web pages at all. The process above resembles other Web sign-on schemes. In the rest of this section we present the features that distinguish the Shibboleth System.
Please read the complete publication at http://www.educause.edu/apps/eq/eqm04/eqm0442.asp?bhcp=1
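The five-step exchange in the excerpt above, played out in code. This is an added illustration and is not part of the EDUCAUSE publication or of the Shibboleth code base: real Shibboleth deployments carry SAML assertions with XML signatures over browser POST or artifact profiles, whereas this model signs a small JSON payload with an HMAC so the whole federation runs offline in one process. The issuer and entity identifiers, the user directory, the attribute release policy and the SP's access policy are all assumptions made up for the example.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed deployment data (assumptions for this illustration only).
IDP_ISSUER = "https://idp.example.edu/shibboleth"
SP_ENTITY = "https://journals.example.org/shibboleth"
IDP_KEY = b"demo-idp-signing-key"  # stands in for the IdP signing certificate


def _sign(key, payload):
    """HMAC over a canonical encoding of the payload (stand-in for an XML signature)."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def _verify(key, message):
    body = json.dumps(message["payload"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message["mac"])


class IdentityProvider:
    """Home organisation: authenticates users, issues assertions and answers
    attribute queries subject to its attribute release policy."""

    def __init__(self, issuer, key, directory, release_policy):
        self.issuer, self.key = issuer, key
        self.directory = directory            # username -> password + attributes
        self.release_policy = release_policy  # SP entity id -> releasable attribute names
        self.handles = {}                     # opaque handle -> username

    def login(self, username, password, audience):
        """Step 3: the user logs in at the home organisation's own login page."""
        entry = self.directory.get(username)
        if entry is None or entry["password"] != password:
            return None
        handle = secrets.token_hex(8)         # opaque subject; the username is never sent
        self.handles[handle] = username
        now = int(time.time())
        return _sign(self.key, {
            "id": secrets.token_hex(8), "issuer": self.issuer, "audience": audience,
            "subject": handle, "not_before": now, "not_after": now + 300,
        })

    def attribute_query(self, requester, handle):
        """Step 4, second half: release only what policy allows for this SP."""
        username = self.handles.get(handle)
        if username is None:
            return {}
        allowed = self.release_policy.get(requester, set())
        return {k: v for k, v in self.directory[username]["attributes"].items() if k in allowed}


class ServiceProvider:
    """Resource site: validates the assertion, fetches attributes, applies policy."""

    def __init__(self, entity_id, trusted_idps, policy):
        self.entity_id = entity_id
        self.trusted = trusted_idps            # issuer -> (verification key, IdP endpoint)
        self.policy = policy                   # callable(attributes) -> bool
        self.seen_ids = set()                  # assertion ids already consumed (replay check)

    def validate(self, assertion, now=None):
        """Returns None if the assertion is acceptable, else a reason string."""
        now = int(time.time()) if now is None else now
        p = assertion["payload"]
        idp = self.trusted.get(p["issuer"])
        if idp is None or not _verify(idp[0], assertion):
            return "untrusted or tampered assertion"
        if p["audience"] != self.entity_id:
            return "assertion issued for another service"
        if not p["not_before"] <= now <= p["not_after"]:
            return "assertion expired"
        if p["id"] in self.seen_ids:
            return "assertion replayed"
        self.seen_ids.add(p["id"])
        return None

    def handle_login(self, assertion, now=None):
        """Steps 4 and 5: validate, query attributes, decide."""
        problem = self.validate(assertion, now)
        if problem:
            return {"allowed": False, "reason": problem}
        idp = self.trusted[assertion["payload"]["issuer"]][1]
        attrs = idp.attribute_query(self.entity_id, assertion["payload"]["subject"])
        return {"allowed": self.policy(attrs), "attributes": attrs}


def build_federation():
    """Constructed one-IdP, one-SP federation with a made-up directory."""
    directory = {"alice": {"password": "correct horse",
                           "attributes": {"affiliation": "faculty", "course": "Film327",
                                          "email": "alice@example.edu"}}}
    idp = IdentityProvider(IDP_ISSUER, IDP_KEY, directory,
                           {SP_ENTITY: {"affiliation", "course"}})  # email is never released
    sp = ServiceProvider(SP_ENTITY, {IDP_ISSUER: (IDP_KEY, idp)},
                         policy=lambda a: a.get("affiliation") == "faculty")
    return idp, sp


def run_sign_on(username, password, home_org="Example University"):
    """Steps 1-5 end to end; the WAYF is the dict lookup on the chosen organisation."""
    idp, sp = build_federation()
    federation = {home_org: idp}               # step 2: WAYF list of member organisations
    assertion = federation[home_org].login(username, password, sp.entity_id)
    if assertion is None:
        return {"allowed": False, "reason": "login failed at home organisation"}
    return sp.handle_login(assertion)
```

Two points the step list leaves implicit are made explicit here. At step 4 the SP does not merely check that an assertion arrived: it checks the issuer is in its trust list and the signature verifies, that the audience is itself (an assertion minted for another SP is useless here), that the validity window holds, and that the assertion id has not been consumed before. And the subject in the assertion is an opaque handle, so the SP learns only the attributes the IdP's release policy grants it for that query; the directory's e-mail address never leaves the home organisation.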
Google recently rolled out a personalized version of their site, much like Yahoo and other portal service providers. This personalized feature of Google does not have a name yet. Maybe it's gonna be called myGoogle (Google recently registered the domain myGoogle with AllDomains.com), or GgMYle or something on those lines...

Currently the personalized Google service allows one to create a home page with different modules that can be dragged and dropped across the page, thus giving the user one place to go for their email, weather, maps, movie schedules, news headlines and of course the Google web search. As Yahoo starts to launch its own AdSense-like offering called YSM, Google is going the other way around to offer a Yahoo-like personalized service. Google will start by offering content from the BBC, the New York Times, Slashdot, Wired, the Quote of the Day and the Word of the Day. Google also plans to let users add syndicated Web content from news sites and blogs via RSS (really simple syndication) technology, said Marissa Mayer, who directs consumer Web products for Google.

The Google service that's to be launched pretty soon is extremely similar to its rival offerings like MyYahoo, MSN, AOL and EXCITE. The portal tool is part of a broader Google initiative to aggregate its features and information into a unified single place, a project Google proudly calls "fusion." Google is exploring other ways to personalize the experience, a Google representative was heard to have mentioned. Very typical of Google's style, Google is releasing this as a BETA. It's currently available on Google Labs.

All said and done, Google's not very different from all the others out there who imitate each other's offerings. For Google, innovation is not in invention, but rather in imitation!