Subject: Re: VO challenges - article
From: "Cantor, Scott" <cantor.2@xxxxxxx>
Date: Thu, 22 Oct 2015 14:47:15 +0000

On 10/22/15, 10:36 AM, "David Chadwick" <d.w.chadwick@xxxxxxxxxx> wrote:
>But really we are not asking for a pony, only an ant (since PIDs are as
>common as them)

They really aren't. Leaving aside that the number of apps that actually work well with long, ugly, opaque IDs made up of multiple parts is very small, supporting that use case requires some non-trivial IDM practices.

In addition, as I'm sure some will speak up and say, using pairwise IDs does not work well for a lot of VOs. So you're really talking about a global identifier, something that hasn't been standardized at all outside higher ed (other than email addresses) and raises a lot more hackles besides.

>With the evolution of FIDO this may well be the case.

Have they started working on soft tokens yet? I lost interest when I found out it was about hard tokens, and was rather puzzled by who thought that made sense at this point.

>But the value of SSO with a PID is still worth a lot to end users and
>SPs, at the cost of next to nothing for IdPs.

A stable seed for that requires an IDM system with capabilities that are far from universal.

But for me it's more about the inability of applications to use them effectively.

-- Scott