> So, yes, my point is that for whatever reason there is an extant plethora
> of identity-asserting protocols, and they aren't simply going to dry up
> and blow away because this working group is formed, and perhaps re-invents
> another wheel.

In order for DIX to be approved by the IESG we need to choose one of the identity-asserting protocols. That could mean a subset of an existing standard (SAMLv2) or creating one that can provide an "interoperable implementation". Emerging or alternative protocols could be added in later.

> And as PHB noted earlier on this list, another high-level aspect of this
> overall identity puzzle is one of identifiers themselves.
>
> And even with identifiers themselves, there is a fair bit of extant
> non-trivial emerging deployed work, which isn't necessarily going to disappear
> right away. Eg XRIs [1][2].

IMO, leveraging existing identifiers (URIs, URLs, Mail Addresses) and discovery mechanisms (DNS) is more interesting than trying to reinvent the wheel. It's much easier to codify DIX with well known and widely-used identifiers. OTOH I would want DIX to keep the core spec open for emerging or alternative identifiers (e.g. XRIs).

> So I tend to think that up-leveling the discussion to be one focusing on a
> meta-layer framework for identifier resolution and identity service
> discovery (aka identity provider discovery) is where the value for an
> IETF-based effort lies.

To quote Scott Hollenbeck: "A charter that does not describe at least one method to produce interoperable implementations will not be approved by the IESG."

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Hodges
Sent: Wednesday, January 25, 2006 10:45 AM
To: Digital Identity Exchange
Subject: of identifiers and identity service discovery (was: Re: [dix] To add to the charter)

>> John Merrells had mused:
>>> I don't think that we need a protocol to interoperate with other
>>> protocols. I think we need one protocol.

> Jeff Hodges replied:
>> You're dreaming. Those horses are out of the barn and off in the next
>> state.

Suresh Venkatraman opined:
> IMO, the horses are a bunch of disconnected islands spread across the
> internet. It sure would be nice to have a single system that wasn't
> controlled by one company to connect the islands.

So, yes, my point is that for whatever reason there is an extant plethora of identity-asserting protocols, and they aren't simply going to dry up and blow away because this working group is formed, and perhaps re-invents another wheel.

I think where some value could be added is pretty much what you're alluding to above which is specifying a standard means by which one can determine which flavor of identity-asserting system a given identifier is recognized by. yadis.org is one such effort, fwiw.

And as PHB noted earlier on this list, another high-level aspect of this overall identity puzzle is one of identifiers themselves.

And even with identifiers themselves, there is a fair bit of extant non-trivial emerging deployed work, which isn't necessarily going to disappear right away. Eg XRIs [1][2].

So I tend to think that up-leveling the discussion to be one focusing on a meta-layer framework for identifier resolution and identity service discovery (aka identity provider discovery) is where the value for an IETF-based effort lies.

JeffH

[1] OASIS Extensible Resource Identifier (XRI) TC
http://www.oasis-open.org/committees/xri/

[2] OpenXRI
http://www.openxri.org/

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
