One does not simply walk into Mordor, or Home Realm Discovery for the Internet

One does not simply walk into Mordor, or Home Realm Discovery for the Internet | Microsoft Share Point

Wed, 08 Apr 2009 10:58:36 GMT

PingBack from http://microsoft-sharepoint.simplynetdev.com/one-does-not-simply-walk-into-mordor-or-home-realm-discovery-for-the-internet/

http://connectid.blogspot.com/

TrackBack — Thu, 09 Apr 2009 03:23:06 GMT

The challenge of adoption

Chris Messina — Tue, 14 Apr 2009 07:24:08 GMT

Thanks for your comments. As I'm not native to the enterprise space, it's useful to hear about the pre-existing ways of describing these issues.

The big issue that I have with your conclusion (to use CardSpace) falls back to adoption, once again. For me, everything comes down to adoption. Changing the client is just not something I can advocate for in the range of my influence.

I think that the CardSpace metaphor is more or less the correct one, but I want this to work on my iPhone as well, and I'm still waiting for an answer as to how that would work for me.

By saying something like "The RP just need to specify that it needs a token made in a certain way", I think you ignore the depths one would have to go to get ALL RPs to ask in the same, uniform way. RPs don't just fall in line because it seems convenient or useful to do so. You have to get over inertia and the way that distributed and decentralized systems always operate to the lowest common denominator.

In any case, I'd be curious how you'd go about bringing CardSpace to the "last mile" when it comes to internet-enabled, browser-wielding devices that can at least do OpenID as it exists today?

re: One does not simply walk into Mordor, or Home Realm Discovery for the Internet

vibro — Sat, 18 Apr 2009 23:47:10 GMT

Hi Chris, of course the availability of the client is a key concern. Institutions like the OASIS IdM TC and the information card foundation are doing all the right steps, by ensuring that the standards is this space are clear and everybody can create its own selector confident that it will work with everything else. I believe that as issues like the one you discussed in your post become more pressing, the appeal of a strategic solution such as the card selector will grow stronger; and with it the incentive for everybody to provide it in their platforms.

One thing which is think is especially important to realize is that the capabilities we are talking about ehre must live OUTSIDE of the browser; whatever is rendered within that magic rectangle is decided by a server, hence whatever in-browser solution we find will always be susceptible of being replicated (in substance or appearance) by a malicious redirect. A piece of software residing on the client, outside of the browser but working in synergy with it, allow you to leverage user info (ie card collections, home realm, etc) that would be inmpractical to handle from the server (think infinite dropdown) but above all CANNOT be replicated with a simple redirect, requiring full control of the machine for being messed with.

This is a painful concept to swallow, because distributing things with the brower is so much easier; but I think that there's really no way around it. Ah, as usual this is MY position which may or may not correspond to the official one from my company :-)