On 24-Jan-06, at 9:23 AM, Tom Doman wrote:
> Yes, Leslie, taking your thought further, it makes me wonder, how
> does the DIX protocol end up being much different from SAML? Dick,
> I know you like to discount SAML due to RSA licensing issues (which
> is a very relevant point), but I'd like to have you weigh in on the
> other material differences you might anticipate in the DIX protocol
> itself. In other words, where else do you think SAML is lacking or
> perhaps inappropriate for digital identity information exchange?
Hey Tom,
I think the SAML authors did a great job of standardizing a language
to represent assertions to be moved between systems, and it was driven
by vendors wanting to enable interop between their enterprise
solutions. I think it is/was difficult from that point of reference
to think of how to move digital identity around at Internet scale, or
to scale down the required technological footprint for low risk, low
value identity transactions. Processing digitally signed XML is much
harder than fetching an HTML page and working with name/value pairs. SAML
is pretty heavy to move my name, email address and blog URL. It also
does not integrate well into existing applications. The ID submitted
allows an existing form to use DIX with the addition of HTML, and no
change to the existing form processing code (assuming the required
fields are available).
Given the growing number of solutions that produce and consume SAML,
it would be *good* for DIX to be able to move around SAML tokens,
just as Microsoft states they will do with their meta-system / Infocard.
Summary: The token part of the SAML specs maps to a type of thing that
can be moved around DIX; the protocol part is missing chunks and is
not light enough.
-- Dick
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix