Perhaps another way of looking at this is to ask the following
questions:
Why is SAML not widely adopted? Why is it not being used at Amazon,
Yahoo!, Google or MSN? It has been around long enough.
Why was SMTP standardized when X.400 was being worked on?
Why was LDAP created when X.500 was looming?
My opinion is because X.400 and X.500 were too heavy and did not
easily solve the problems people wanted to solve.
SAML solves some people's problems, but clearly is not solving a
bunch of other people's problems, or it would have been adopted by now.
-- Dick
Dick,
I think that depends on which community you are referring to. LDAP was
not originally a standalone protocol, and in the early 1990s people
needed to run clients connected to larger and more capable servers that
were directly connected to the Internet. Then there needed to be support
for standalone LDAP servers that did not require connection to the X.500
infrastructure. That didn't stop major corporations from building large
X.500/LDAP infrastructures at the enterprise level.
People did not ordinarily have their own domain names. Given the option
of having better authenticated messages for the military, or easily
spoofed SMTP, I would have chosen SMTP for myself, and left the military to
deal with the intricate nature of X.400, which is also at the core of
enterprise programs like Microsoft Exchange.
Rapid growth and security are not always two dogs that you can keep on
leash at the same pace.
I think the stronger argument for X.500/LDAP is that it provides a
fairly well known method of policy enforcement within a defined
administrative domain.
Whether one requires specific administrative domains that are at the
Internet level is probably a dog that won't hunt, but when one drops
down to an enterprise level, then it probably goes without saying. I
think it depends on the services that people want to offer and what they
require and the laws of identity.
Current computers are so much more powerful and networks so much faster
that the rules that governed adoption in the early 90s are not as
relevant today. Even the idea of keeping a three-headed dog on one's
personal leash seems like an interesting idea, where a KDC is normally
buried way back in the inner sanctum of a data center.
People are adapting rapidly to a fairly brutal Internet with phishing
websites, spam, and hostile code. In some instances they may want a
company to proxy their identity information, because it works well; in
other instances they may be at risk since they have no control over that
company's back end operations, except in a general legal sense. The
difference with an X.500 administrative domain is that one can insert
legal requirements that are going to be out of scope in an IETF
document. The beauty of that is "If you live here, and are a citizen of
country, state, county, city, X, then these specific rights are embedded
in the IT infrastructure, if you live within X." The beauty of the
Internet is that it largely ignores what happens in X from a policy
standpoint, and that's not a bad thing.
-pb
------------------------------
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
End of dix Digest, Vol 5, Issue 10
**********************************