david at sixapart.com
Mon Oct 24 11:01:07 PDT 2005
Some months ago, Brad Fitzpatrick, Johannes Ernst (of NetMesh and LID),
and myself got together to figure out how to make the OpenID and LID
personal digital identity technologies interoperable so as to leverage each
protocol's most compelling features with each other. We figured this
would be a good idea given that both are based on URLs as identifiers and are
bottom-up initiatives with fairly similar goals. Working on this
problem, we realized quickly that what we were really building was a
bottom-up, light-weight interoperability framework for personal digital
identities since we addressed the problems in a quite general manner.
Working on this, it became clear very quickly that the resulting
interoperability architecture was much more broadly applicable. In our
view, it promises to be a good foundation for decentralized, bottom-up
interoperability of a whole range of personal digital identity and
related technologies, without requiring complex technology, such as SOAP
or WS-*. Due to its simplicity and openness, we hope that it will be
useful for many projects that need identification, authentication,
authorization and related capabilities.

We have written a document that describes the base YADIS protocol, and
outlines how to use it together with LID and OpenID. This document is
largely still a work in progress, proposing how different existing
identity systems can work together; feedback is welcomed. The YADIS
codename is also not designed to be user facing and is expected to be
changed as this project further progresses.

YADIS' initial focus is to empower the individual user with user-centric
personal digital identity, and not so much to serve the needs of
enterprises for, say, enforcing compliance with government regulations.
While there are successful uses of the described technologies in
enterprises already, we realize that more work needs to be done to
address additional enterprise requirements. If you have specific
expertise in this area, we very much appreciate your input. We do
however see the ability for corporations to integrate their existing
authentication mechanisms with other YADIS-enabled services providing
their users with SSO abilities outside of their own architecture.

More information about YADIS and ways to get involved can be found at
http://www.yadis.org where we also provide a full copy of the document
describing this proposal. We look forward to further discussing it with
all of you in a few days at the conference in Berkeley. It is our
current plan to use this mailing list for both OpenID and YADIS at this
time. While this may change in the future, we felt it would be best as YADIS
continues to evolve with a user facing name as we'd expect most of you
to be interested in this as well.