Implementing YADIS with no new software
Martin Atkins
mart at degeneration.co.uk
Tue Nov 1 10:29:12 PST 2005

Ernst Johannes wrote:
> It's interesting to me how many people think only of authentication/
> single-sign-on as a feature when they think about digital identity.
> (This is a general comment but I thought I'd jump in to outline a broader
> picture.)
>
Indeed. I see a lot of rather short-sighted assumptions in this thread,
including these three in particular:
* The only capability we care about is sign-on.
* People will only use one "server" to provide all of their capabilities.
* People will only specify a small number of capabilities.

I see all of these as very bad paths to head down. Even looking only at
currently-relevant capabilities we have profile exchange and
user-accompanied RPC in addition to sign-on. Also, YADIS is designed to
provide a unification point for disparately-developed features, so it's
silly to assume that these things will all be provided by the same
server. Finally, we are designing a platform whose express purpose is to
make innovation in the personal identity field less painful, so it needs
to be as scalable as possible since the whole point of innovation is to
do things that no-one's thought of yet.

Note that the whole "HTML document links to a capability document" is
not the only mechanism. It's also possible for the identity URL to point
directly to a capability document, avoiding the indirection. The in-HTML
approach is in a similar vein to the auto-discovery used for syndication,
allowing end-users to provide the URL of something they're familiar with
(a web page) rather than of some machine-oriented document they can't
relate to.

Having said all this, I'm not claiming that the spec is perfect as-is,
nor is it perfect with my earlier proposal applied. I have more changes
to propose, but chose to offer them one at a time to avoid creating a
confusing mess of intermingled debate.

What format the identity document is in is largely irrelevant at this
stage. What we should be discussing is how we discover the document and
what information is to be inside it, with an eye to scalability as well
as practicality.

All the best,
-Martin