OpenID is slowly gaining adoption. Here is a list of resources relevant to cloud identity, authentication, and authorization.
- Conflicting Visions of Cloud Identity, Kim Cameron, Microsoft Identity Architect, speaking at the European Identity and Cloud Conference, points out that many people thinking about the cloud are still thinking about private clouds.
  - “The cloud motor runs on identity.” You need to think about a graph of services, and your identity needs to cross all of those.
  - A “domain based” identity model is a non-starter; you can’t have a boundary.
  - A first-generation federation identity provider is a start, but ultimately won’t work either. You need to deal with a plethora of identity sources. The claims of identity will be distributed. We need “Identity Management as a Service” (IDMaaS) to keep costs down and enable the power needed.
  - 12 essential capabilities: registration, attributes, creds, claims issuance, claims acceptance, claims augmentation, claims transforms, roles, groups, relationships, audit, and directory.
  - Privacy and Security Imperative. The cloud service provider cannot even know which identity is using which service. Example of the IRS: ways for a person to use an identity that is easy to remember, but not retained by the service for later abuse.
  - IDMaaS avoids the “all-seeing identity provider.” Embrace the cloud without giving up contextual separation.
- 7 Laws of Identity – Kim Cameron from 2005
- Laws of Identity: A conversation with Kim Cameron – John Fontana interviews Kim Cameron on the current state of the laws and identity.
- Landscape of Web Identity Management, Mario Hoffman at Fraunhofer Institute provides a nice infographic of various aspects of identity on the web.
- OpenID Connect – New draft available (May 26) of this lightweight specification that provides a framework for identity interactions via RESTful APIs.
- The Most Complete History of Directory Services You Will Ever Find – nice compendium
- OpenAM – originally branded as OpenSSO by Sun Microsystems, seems to cover authentication, authorization, and federation. Compatible with OAuth. Strangely, no mention of OpenID anywhere. That makes me suspicious. I did find an open source project that translates OpenID to OpenAM so they clearly overlap. There appears to be an “extension” to support OpenID.
- Cloud Identity Summit scheduled for July 16 – 20
- Nat Sakimura’s list of key specifications in the OpenID space.
- Why OpenID leads to Information Cards, Kim Cameron gives a demo of a phishing attack possible with OpenID when the OpenID provider automatically pops up a login screen. Some OpenID providers refuse to offer automatic login screens for this reason. Of course, Information Cards (a la CardSpace) is his solution from Microsoft. Another solution might be browser support for OpenID, but he didn’t mention that.
- Reimagining Active Directory for the Social Enterprise – more Microsoft viewpoint on how identity will work with Azure and other cloud technology.