Venn of Identity – community understanding

One of the most important articulations of this user-centric/user-driven identity space is the Venn of Identity.

This first appeared as a triangle in one of Johannes' introductory talks at IIW in 2006.

  • The Liberty identity pillar. This pillar is ready-made for corporate adoption: identity is “given” to the individual by the corporation (e.g. the employer), and it is the corporation that decides which identity attributes are managed and shared with whom. Even if the corporation gives the individual many choices, it is ultimately the corporation who decides whether or not to give those choices to the individual. Typically, Liberty implementation projects are between companies; the individual does not participate directly.
  • The WS-*-based identity pillar, which, at this juncture, is largely driven by Microsoft. InfoCards is a new "Identity Selector" application that will be bundled, we are told, with every copy of Windows Vista when it ships. It is based on a number of WS-* standards, some WS-* specifications that are expected to become standards at some point, and some Microsoft extensions. As Vista has not shipped yet, there are still many open questions, such as whether it will ever be seriously supported on non-Microsoft operating systems or non-PC devices, or how it could interoperate with non-WS-* based architectures and protocols.
  • The URL-based identity pillar, which is largely an open-source, grassroots effort. It aims to put the individual fully in control: over identity providers, over attributes, over whether or not to have an identity or how many, over which software to run from which vendor, and over the feature set associated with their identity. Its most visible sign is the use of URLs to point to people, just like we use URLs to point to companies or documents. This pillar is rapidly coming together in the YADIS community, which essentially facilitates an open marketplace of interoperable identity-related features from which the individual may pick as many or as few as they like.

    A year later it evolved….

    The big differences to the January version are the following:

    • The various URL-based technologies (LID, i-names, Yadis, Sxip, XRI, et al.) have come together under the OpenID term.
    • Microsoft gets a lot of credit for their support of the OSIS project, which brings together most important enterprise software vendors and a number of startups, and thus makes this third column far less Microsoft-controlled than it appeared in January.
    • There are various very encouraging signs that the OpenID and SAML/Liberty communities are coming together, allowing the use of SAML in a user-centric manner, which would allow all three columns in a user-centric manner.

    This was done in a bit of a hurry, so please tell me whether I’m wrong and bear with me if I update it a few times.

    Paul Madsen did a sketch and Eve Maler did this electronic version that appeared in her RSA presentations.

    The diagram became a Venn 🙂

    She worked with Drummond on a paper published in the IEEE you can find here.

    I highly recommend reading this to "get our industry."

    By September 2009 she had refined it further.

    It is licensed Creative Commons with attribution.

    This evolution of shared understanding is part of what it has meant to be a community together figuring out the complexities of supporting people's identities online.

    2 Replies to “Venn of Identity – community understanding”

    1. Very interesting. Thanks for publishing.

      Are there any updates for 2010? Where does OAuth fit on this? Wouldn’t we say today that OAuth should be in the circle where you have SAML? A number of large social platforms (e.g. Twitter) have endorsed OAuth this year. I admit, I am an OAuth bigot, so please understand, but can’t one make an argument that with the decline of use of SOAP in general, that OAuth is coming more to the forefront?

      Would be interested in hearing your take on this.
