Apr 26, 2006
Identity Management Systems
Filed under: Uncategorized. Tags: identity.
For some of our projects here at the TLC, we need to be able to manage identity information - traditionally, user accounts, groups, roles, etc… We’re taking a bit of time to think about a better way of implementing this, and how to use a flexible, distributed identity model.
I’ve been going through some web searches to find out what others are doing. The “version numbers” are loosely based on Dick Hardt’s descriptions (with apologies to him if I’ve misinterpreted what he was trying to say).
“Identity 1.0”
“Identity 1.5”
- federated/centralized repositories - institutional and trusted shared directories…
- SunOne Access Manager and SSO (and some Identity Management whitepapers from Sun)
- Liberty Alliance
- SAML (and OpenSAML)
- Shibboleth (implements OASIS SAML 1.1)
“Identity 2.0”
- distributed repositories
- Sxip (Simple eXtensible Identity Protocol)
- OpenID - distributed identity tied to services that respond to URLs
- LID (Lightweight IDentity) (wiki)
- Infocard (more info) (part of Vista/WinFX)
- Credentica
Any glaring omissions? I’ll be editing this post as I go along (I’ve got the info in our TLC wiki, but that’s behind an Identity 1.0 login).
Comments
4 Responses to “Identity Management Systems”

I put Infocard in Identity 2.0 - user centric - and so do Dick Hardt and Johannes.
Kim, thanks for the clarification. Is Infocard a Windows-only solution? Can it be used by software on other platforms, or is it an integrated part of Vista? Can it be used by web apps (java, php, etc…)?
Liberty Alliance and SAML are protocols, not implementations. The protocols can be used to implement any of the 3 identified models above (so, yes, I can use Liberty/SAML protocols to run an IdP off my phone/laptop to assert any identity that I currently maintain).
In reality, I expect that the world of Identity will evolve towards a mixture of third party asserted (what you would call centralized) and what I refer to as self asserted (I don’t use the term user-centric since any identity system can be user-centric if they give control of the use of the identity to the user). Depending upon where you want to assert your identity, you may need one form or another.
Conor
Conor - thanks for the clarification. I’m still in the early stages of getting my feet wet in the identity concepts, so likely have a lot of stuff a bit muddy at the moment.
Also, thanks for the distinction between self-asserted and user-centric. They are different things, but I was using them as interchangeable terms.