On 21-Feb-06, at 9:09 AM, Peter Davis wrote:

>> But... in all my years of Internet surfing I've never come across a
>> website that said 'Take me to your IdP...', or 'Can I be your IdP...'
>> Never. Am I just cruising the web with my blinkers on?
>
> That's because good SAML deployments make this a seamless experience
> for the user ;-).
For sure, the tech should be under the covers, and the users should
just experience the benefits. But I've never experienced the benefit
of SAML on the web. Nick's big list of deployments suggests that I
would have to be a Boeing employee who banks with Wells Fargo.
(And I strongly suspect that even though both have deployed some
form of SAML, there's no way for a user to actually move anything
between them...)
> The impediments for deploying federated architectures have little to
> do with technology.
I think there clearly is a technology issue here. With the SAML
protocol I don't see how you move a token between parties who don't
already have a pre-existing relationship.
> Federated identity management introduces new business and legal
> complexities which many are only now coming to terms with. The
> technology is there, in a number of forms (which is why I'm loath to
> add yet another form unless it's absolutely necessary).
Although the technology exists in the form of SAML/Liberty/Shibboleth
and has been deployed by large enterprises/universities... I don't see
any uptake in the internet space, from the huge portals and commerce
web sites down to the one-person part-time websites. To me there's
clearly an adoption issue: scalability at one end, and availability and
usability at the other.

If anyone has data points that suggest otherwise, please share them.
John
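John's point above, that a SAML service provider cannot accept a token from an identity provider it has no prior relationship with, comes down to the SP's metadata table: the IdP's signing key has to be registered with the SP before any login can be verified. The Go program below is an added illustration written for this page, not code from the thread or from any SAML implementation. The entityIDs are constructed, and the assertion format (three concatenated fields signed with ECDSA P-256) is a stand-in for SAML's XML assertions and XML Signature; the trust check it demonstrates is the same.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assertion is a stripped-down stand-in for a SAML assertion; Issuer is the
// IdP entityID. (Constructed for this illustration, not a SAML schema.)
type Assertion struct {
	Issuer, Subject string
}

// signedBytes is what the IdP signs. Real SAML signs canonicalised XML; a
// fixed field order is enough to demonstrate the trust check.
func (a Assertion) signedBytes() []byte {
	return []byte(a.Issuer + "|" + a.Subject)
}

// IdP holds the signing key whose public half it publishes in its metadata.
type IdP struct {
	EntityID string
	key      *ecdsa.PrivateKey
}

// NewIdP generates a fresh P-256 signing key; it panics only if rand.Reader fails.
func NewIdP(entityID string) *IdP {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &IdP{EntityID: entityID, key: key}
}

// Issue returns an assertion for subject together with the IdP's signature over it.
func (i *IdP) Issue(subject string) (Assertion, []byte) {
	a := Assertion{Issuer: i.EntityID, Subject: subject}
	digest := sha256.Sum256(a.signedBytes())
	sig, err := ecdsa.SignASN1(rand.Reader, i.key, digest[:])
	if err != nil {
		panic(err)
	}
	return a, sig
}

var (
	ErrUnknownIssuer = errors.New("issuer absent from SP metadata: no pre-existing relationship")
	ErrBadSignature  = errors.New("signature does not verify under the registered IdP key")
)

// SP is the relying party. trusted is the metadata it exchanged out of band
// with each IdP before any login (entityID -> public key). That table is the
// pre-existing relationship; an issuer missing from it cannot be verified.
type SP struct {
	EntityID string
	trusted  map[string]*ecdsa.PublicKey
}

// Register stands in for the out-of-band metadata exchange.
func (s *SP) Register(idp *IdP) { s.trusted[idp.EntityID] = &idp.key.PublicKey }

// Verify accepts an assertion only from a registered issuer and only if the
// signature checks out under that issuer's registered key.
func (s *SP) Verify(a Assertion, sig []byte) error {
	pub, ok := s.trusted[a.Issuer]
	if !ok {
		return ErrUnknownIssuer // no key to check against, so nothing else is examined
	}
	digest := sha256.Sum256(a.signedBytes())
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return ErrBadSignature
	}
	return nil
}

// DemoResult holds the outcome of three login attempts against one SP.
type DemoResult struct {
	Known    error // IdP whose metadata the SP registered
	Unknown  error // correctly signed assertion from an IdP the SP never heard of
	Tampered error // registered IdP, but the subject was altered in transit
}

// Demo runs the three cases; the entityIDs are constructed for the illustration.
func Demo() DemoResult {
	bank := NewIdP("https://idp.bank.example")
	stranger := NewIdP("https://idp.stranger.example")
	sp := &SP{EntityID: "https://sp.portal.example", trusted: map[string]*ecdsa.PublicKey{}}
	sp.Register(bank) // the only relationship this SP has
	a1, sig1 := bank.Issue("alice")
	a2, sig2 := stranger.Issue("alice")
	a3 := a1
	a3.Subject = "mallory" // altered after signing
	return DemoResult{Known: sp.Verify(a1, sig1), Unknown: sp.Verify(a2, sig2), Tampered: sp.Verify(a3, sig1)}
}

func main() {
	r := Demo()
	fmt.Println("registered IdP:", r.Known, "| unregistered IdP:", r.Unknown, "| tampered:", r.Tampered)
}
```

Run it with `go run`. The assertion from the unregistered IdP is rejected before its signature is even examined, because the SP holds no key to check it against; only the registered IdP's untampered assertion verifies. Getting that key into the SP's table is the out-of-band metadata exchange, which is why federation starts as an arrangement between organisations rather than as a protocol message.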
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix