Thursday, May 17, 2007

Identity Systems.

Via Ping Identity I came across these diagrams of how identity systems have been evolving lately.

Along similar lines is this post (http://blogs.csoonline.com/a_brief_history_of_identity_protocols).

1. Early days: x509; directories; things get unmanageable; meta-directories (via Kim Cameron); LDAP.

2. Customers demand a web SSO protocol that isn't proprietary. Two different vendor groups form to build this. Phil Schacter (of Burton Group) publicly slaps both groups around. SAML (the "security assertion markup language") is formed inside of OASIS.

3. Microsoft creates Passport. The internet FREAKS OUT. Some big companies call Sun demanding a protocol that allows them to *not* have to hand over their customers to Microsoft -- the Liberty Alliance is born.

4. Liberty creates a whole bucketload of protocols - most of which the normal human being can never grasp. It contributes one of its earliest pieces of work (IDFF -- that's the identity federation framework) to OASIS for inclusion in SAML 2.0.

5. In the meantime, the mad scientists at Microsoft, IBM and a host of other companies are busy creating the WS-* specs. Unbelievably, these protocols are even more numerous than what Liberty has done. Analysts actually become sick to their stomachs trying to understand the array of WS-* specifications.

6. One of those WS-thingies is WS-Federation. Another is WS-Trust. Remember WS-Trust, it'll become important later (if I remember to get around to it).

7. Burton Group's Catalyst and Digital ID World are busy holding identity conferences before the rest of the copycats - er - conference producers wake up and realize that's a good idea. In between those two shows, Kim Cameron (see Meta-directories) starts writing the "7 laws of identity." Nearly all of the identirati miss the whole "natural law" connotation and go along for the ride.

8. Out of the miasma that is the conversation around what became known as "the laws" is born the "identity gang." This group includes people like Dick Hardt, Johannes Ernst, Drummond Reed and Kaliya Hamlin. A bunch of meetings happen where seemingly nothing occurs, while in reality a LOT is occurring. The "user-centric" identity movement takes shape. Its purpose: to build an internet-scale identity protocol -- which is another way of saying, "something not secure enough for enterprises to adopt." OpenID is born.

9. OpenID gets traction. Kim's work inside of Microsoft (did I mention Kim works for Microsoft?) gets traction (it's called the metasystem, then InfoCards, then CardSpace -- and succeeds in confusing everyone even *more* than the dizzying array of WS-* specs). Higgins is born (don't ask). Bandit happens (again, try to stay focused).

10. OpenID realizes it needs to interact with the "enterprise protocols," which, if you're keeping track, now include SAML 1.0, SAML 1.1, SAML 2.0, WS-Federation, WS-Trust AND about 30 different Liberty Alliance protocols. Meanwhile, Kim Cameron says some things about OpenID's security that get everyone's undies in a bundle. But that's okay, because they all have a few more meetings and voila (!) we are now sitting at the moment we're at today, where it appears that everyone is on the verge of maybe sorta coming close to inter-operating with everyone else.