Subject Re: Social Identity Rant: was [MACE-Dir] eduPersonSubjectIDGUID
From Nate Klingenstein <ndk@xxxxxxxxxxxxx>
Date Fri, 23 Oct 2015 17:01:42 +0000

I understand that and would probably have made the same call as an implementer in those situations.

But, my belief is that there are enough serious fundamental flaws in all these current standards (or, quasi-standards) to federated identity that none of them is going to prove a “victor”.  SAML has an enormous installed base, as does OAuth2, but neither solidly addresses all the use cases on the table, and OpenID Connect doesn’t really bring anything new and compelling enough to me to gain a foothold.  Indeed, proliferation of yet more protocols would make me sad, since application developers keep insisting on trying to implement identity and security themselves.

Would it not be cool to work towards a protocol and an implementation that can offer the same functionality to application developers, but do it right from an identity management perspective?

As such, Nate Sisyphus will continue pushing on the dogma, because I think we can and will innovate and create a unified framework that gets these calls right, and I still think that the emergence of highly centralized IdM solutions is the window to use to make it real.

I don’t think I got it right in my first guess, not even close.  But I do think that the community has enough assembled talent to do it right if we can get the processes and relationships established, and I would love to focus on that in tandem with initial architectural discussions.

But, all of this is in my fantasy world today...

On Oct 23, 2015, at 10:49 AM, David Langenberg <davel@xxxxxxxxxxxx> wrote:

I agree with you there, OIDC is not yet widely adopted, but it is up and coming.  My own projects regarding OIDC have more to do with use-cases for which OAuth2 was a better fit than SAML.  When deciding between OAuth2 or OIDC, I chose OIDC because I also get OAuth2 for free as part of implementing OIDC.