Paul Squires on Identity and Entangled Topics




The Truth About Federated Identity…

Posted by Paul Squires @ 12:13 am on 21 October, 2006.
As usual, other things have got in the way…

Having read the article I have to say that it’s not as negative about the future prospects of federated identity as I imagined given the comments of the folks on the Identity Gang. There’s a note of caution contained within, which actually reflects thoughts of my own that maybe federation has a more limited future than some people (read: marketeers) would suggest.

One of the key points about federation is that it is a method of communicating across a business partnership (Single Sign On is merely an aspect of the agreement). In this sense the most important thing is to have a partner! The analogy of the telephone, made by Scalet, is excellent in this regard - the first person with any communications technology will always be looking for someone to talk to (although that sounds somewhat like blogging to me!). However, forming a federated partnership can potentially open up both parties to risk, and the assertion by Scalet in this regard also rings true - any implementation in this space is about trust and not technology.

On this side of the Atlantic Ocean I still feel we’re some way behind our colleagues in the US in implementing federated identity systems, although I’m sure this will come. The work of certain companies (Ping Identity, in particular) in providing sample agreements and regulatory guidance has helped, and the challenge for those of us working in this space is to apply the lessons learnt to our own laws and regulations so that we can accelerate the take-up. Another consideration that will affect take-up is (something touched upon in the article) the consolidation of protocol standards. Despite the actualities of federation, it is still seen by most people as a web SSO technology - which has involved, in the past, discussions of SAML, Shibboleth, Kerberos and WS-Federation; the release and implementation of SAML 2.0 has greatly reduced confusion, which can only increase interest in the future (in any space competing standards reduce confidence - witness Blu-ray and HD-DVD in the consumer electronics space!).

One area where I think Scalet misses is in the discussions of access controls. There is mention of provisioning and how this can be simplified through appropriate use of federated SSO; however, IMHO, this is glossed over somewhat, since there can be greater challenges in deploying in this kind of scenario - there will usually be some matching of accounts from an IdP to a SP - even in a many to one scenario there needs to be an access control method at the SP (and usually requirements for audit as well). Overall, though, the point is made that there are some simplifications in that the full account with all attributes does not need to be provisioned to the SP (of course, doing so is yet another challenge!).

Some of the ideas around federation have been hyped, but there are still many opportunities to take advantage of the technology and give real business benefits. This, of course, provides opportunities for those of us working in this space :)



