[foaf-protocols] bridging foaf+ssl with SSL/https CONNECT proxies. IDP proxying as an adoption thesis
Peter Williams
home_pw at msn.com
Fri Nov 20 20:59:02 CET 2009
Microsoft got what I'm talking about, in their model. They reserve the term
"federated identity" for the world in which an RP is "guarded by" its own
issuer. I've no doubt they understand the politics, and have taken that
understanding as a set of design axioms when it comes to trust management.
For any "claim" (read foaf attribute) delivered to a relying party, their
object model has an api that lets the RP know which was the last
issuer/proxy to "issue" the claim, and which issuer was the "originator".
They build in the notion of re-asserting, that is. Trust middleware - which
allows a sequence of trusted issuers to form and route through the trust
fabric of issuers/re-asserters - is hidden from the RP webapp; though not
the RP's IDP proxy.
http://download.microsoft.com/download/7/D/0/7D0B5166-6A8A-418A-ADDD-95EE9B046994/WindowsIdentityFoundation-WhitepaperForDevelopers-RC.pdf
If Microsoft's federation gateway were to accept foaf+ssl assertions much
like it will accept openid assertions (acting as an IDP proxy), it would
simply map the attributes into the final-hop protocol that connects the
webapp's RP via the API to the gateway.
From: foaf-protocols-bounces at lists.foaf-project.org
[mailto:foaf-protocols-bounces at lists.foaf-project.org] On Behalf Of Peter
Williams
Sent: Friday, November 20, 2009 11:07 AM
To: foaf-protocols at lists.foaf-project.org
Subject: [foaf-protocols] bridging foaf+ssl with SSL/https CONNECT proxies.
IDP proxying as an adoption thesis
Speaking as a participant in a legacy industry that has adopted the
asserting/relying party interaction pattern over the last 3 years (after 50
years of running 1000 disconnected membership silos), foaf+ssl might want to
learn some lessons that other websso technology communities have failed to
learn.
Yes, foaf+ssl is essentially an assertion framework, much like openid and
saml. Thus, it has to address the fact that the very act of distinguishing
asserting and relying parties introduces a governance and control issue -
often known as the trust problem.