Re: [Auth]Re: DotGNU reference

[Albert Scherbinsky]

S11001001 wrote:
> 
> Adam Theo wrote:
> > I found this refernce to DotGNU, specifically its Virtual Identities
> > effort:
> >
> > http://java.sun.com/features/2002/05/single-signon.html
> >
> > I think they got it wrong, though. They are saying DotGNU's Single
> > Sign-On mechanism (does it have one yet?) is a third-party security
> > service like Passport and XNS. In other words a centralized service that
> > manages all assertions for everyone. This is in contrast to the Liberty
> > Alliance way of a group (or federation) of organizations that get
> > together and share between each other, after forming bonds of trust.
> 
> Well, "third party security service" is not necessarily centralized, and
> does include LA. The only difference between LA and Passport et al is
> that LA is multi-vendor. However, "DotGNU security service" is only an
> interoperability & outside interface standard.

Although you are right about LA being multivendor, Jon is
right about LibertyAlliance not requiring a third party
Identity Provider. It is true, LA can be used as a third
party Identity Provider, although not necessarily so.
Service Providers can act as their own identity providers,
eliminating the third party.  He may very well be mistaken
about DotGNU, and you might want to send him an e-mail
correcting him. Although trashing him in this public forum
was likely more satisfying. :)

LibertyAlliance has lots of commercial momentum behind it.
To ignore it would be foolish. The Multivendor and
Autonomous Identity provider option, make it much better
than Passport in terms of Liberty(freedom). However it is
worse than Passport in other important aspects. Those
aspects can be addressed by software like Liberty Guardian.

Cheers,
Albert Scherbinsky
Drop by at: http://members.rogers.com/alberts/

Kurt Godel showed us every formal system is either
incomplete or inconsistent. Deal with it!