Identity Technology

From CyberOne Wiki
Revision as of 04:21, 19 October 2006 by Hart (talk | contribs)

Ident-I-pedia - The Identity Wiki Category




Category Description:

A list of technologies and protocols that are developing the internet identity layer


SAML


Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee. The single most important problem that SAML is trying to solve is the web single sign-on (SSO) problem. SSO solutions at the intranet level abound (using cookies, e.g.) but extending these solutions beyond the intranet has been problematic and has led to the proliferation of proprietary technologies that do not interoperate. SAML has become the definitive standard underlying many web SSO solutions in the identity management problem space. SAML assumes the principal (often a user) has enrolled with at least one identity provider. This identity provider is expected to provide local authentication services to the principal. However, SAML does not specify the implementation of these local services; indeed, SAML does not care how local authentication services are implemented (although individual service providers most certainly will).

Pasted from <http://en.wikipedia.org/wiki/SAML>

Yadis


Yadis is an open initiative to build an interoperable lightweight discovery protocol for decentralized, user-centric digital identity and related purposes. Yadis aims to allow the capabilities of identities to be composed from an open-ended set of services, defined and/or implemented by many different parties. By allowing each party in an online relationship to choose the authentication and data sharing protocols they want to use to share their information, Yadis hopes to foster the development of mutual trust and respect. Yadis also aims to let Internet users define what information they expose to which third parties and which services they use.

Pasted from <http://en.wikipedia.org/wiki/Yadis>

Light-Weight Identity



Light-Weight Identity (LID) is a set of protocols and software implementations created by Johannes Ernst of NetMesh Inc. for representing and using digital identities on the Internet without relying on any central authority. LID supports digital identities for humans, human organizations and non-humans (e.g. software agents, things, websites, etc.). It implements Yadis, a discovery service for interoperability with other URL-based identity systems like OpenID. LID uses standard URLs as identifiers. For example, the URL http://lid.netmesh.org/liddemouser/ is the LID identifier for a hypothetical individual called Mr. LID Demo User. Anybody can host LID digital identities at a URL of their choosing, as long as they have control over the URL and the ability to run a program (CGI script) at that URL. For URLs where that is not possible, Yadis delegation allows a LID URL to point at one or more identity services hosted by different sites. Unlike other digital identity systems, LID is organized in a base protocol called MinimumLID, and an ever-growing list of profiles on top of it. This enables LID to be a foundation for digital-identity-related innovation by many parties. Each implementor chooses which and how many LID profiles to support to meet their needs.

Pasted from <http://en.wikipedia.org/wiki/Light-Weight_Identity>

OpenID


OpenID is a simple identification mechanism originally developed by Brad Fitzpatrick of LiveJournal and is now largely being developed by David Recordon of VeriSign, JanRain, and Dick Hardt of Sxip. It is a distributed, decentralized network, in which any user's online identity is given by a URL (such as for a blog or a home page) or an XRI (such as an i-name), and can be verified by any server running the protocol. Starting with version 1.1, OpenID uses the Yadis service discovery protocol. OpenID 2.0 is now developing into a complete framework for user-centric digital identity. On OpenID-enabled sites, Internet users don't need to create and manage a new account for every site before being granted access. Instead, they only need to be able to authenticate with a trusted site that supports OpenID, called the identity provider or i-broker. The identity provider/i-broker can then confirm ownership of the user's OpenID identifier to other OpenID-enabled sites, called relying parties. Unlike most single sign-on architectures, OpenID does not specify the authentication mechanism. Therefore, the strength of an OpenID login depends on how much a relying party knows about the authentication policies of the i-broker. Without such knowledge, OpenID is not meant to be used on sensitive accounts (banking, e-commerce transactions, etc.), but if an identity provider/i-broker uses strong authentication, OpenID can be used for all types of transactions.

Pasted from <http://en.wikipedia.org/wiki/OpenID>


SXIP

Simple Extensible Identity Protocol (SXIP) is a protocol developed by the company Sxip Identity. Sxip Identity, a small startup based in Vancouver, has had high turnover: in the past two years over 90 people have cycled through. The SXIP protocol was designed to provide the ability to easily move identity data on the web, with features such as single sign-on, automatic form fill, and third-party signed assertions. The protocol had no adoption in the market. In the first version of the SXIP protocol, the company Sxip Identity was going to be the global registry of all the names, using a UUID called a Guppie. This passport-like model was rejected by the market because it was not decentralized. The first version of the SXIP protocol was not in a recognized standards body, nor was it ever submitted to one. The second version of the SXIP protocol was submitted to the IETF to become a standard; it failed to progress past the draft stage and is now no longer a protocol. The SXIP protocol had users maintain identity information at a homesite, which could either be hosted or co-resident on the user's machine. Users could capture information for the homesite from other authoritative sites; they could then direct the use of their information on membersites that support SXIP. In the summer of 2006, Sxip Identity announced that it was bringing its proposed SXIP protocol and Digital Identity Exchange (DIX) protocol into the OpenID 2.0 community to be incorporated into its open specifications.

Pasted from <http://en.wikipedia.org/wiki/SXIP>