Somebody asked me yesterday what I want to discuss at IIW. The trouble is, there are too many things I really think we — the community — need to wrap our heads around and sort out. Here’s a list that’s by no means complete:
- Open-Source InfoCard (first public discussion later today at IIW of a conversation that has been going on between a whole number of companies for some time)
Self-congratulatory note: we’ve had a hand at NetMesh in bringing those folks together: now we only need an intellectual property regimen that meets the needs of Microsoft and the open-source community, and we have a very, very interesting project!
- A "map" for the market of user-centric identity features, products and companies. As long as no such thing exists, no wonder prospective adopters are confused.
- Testing! User-centric identity is inherently decentralized: how in the world can we make sure that thousands, maybe millions, of different installations of code could possibly interoperate reliably? How do we find out that implementation 1,234 doesn’t interoperate with implementation 925,834? How do we debug them? How do we support (non-technical) customers who use an identity from host A at Relying Party B, and they can’t authenticate? Giving them the run-around is not going to win any favors with anyone …
  - Specifically, how are we going to test Yadis? (that’s reasonably easy)
  - How are we going to test LID’s GPG-based SSO, and in particular OpenID?
- I’d like to define a Yadis service that "marks" Yadis Relying Parties, so a machine client (like a browser, or RSS aggregator, or …) could determine, without user intervention: oh, this is a Relying Party, I should try to authenticate using this particular SSO protocol.
- I’d like to define a protocol by which users could authenticate against RSS feeds, that isn’t username and password (because that won’t scale) and by which user A could get different content than user B from the same feed at the same URL. Anybody else want to solve this problem?
- How Higgins, Yadis and OSIS could and should relate.
- A common Yadis user experience / look-and-feel.
- How Drupal could declare its existing (and known insecure) distributed authentication system a Yadis service.
- How Sxip could/should support Yadis.
The list is longer but there’s not much of a point in continuing ;-) I guess if I get about three of those over the two remaining days of IIW, I’ll be really happy.