Network World
Monday, October 6, 2008

Community: Security


Identity bus and Claims-based Authentication

As I understand it, the "identity bus" idea is a Microsoft thing (see "Microsoft: Identity bus is the end game for successful identity systems, John Fontana, Network World, 3/4/2008" and "Microsoft switching SharePoint to claims-based Authentication, John Fontana, Network World, 10/16/2007").

So what's new... not much, apparently.

The long-standing IAM definition of any Authentication is "the process of establishing an Identity to be used in a particular instance, by verifying an assertion or claim, such as to be a particular identity or a member of a group that usually requires some form of proof, using one or more credentials or attributes."
- http://identityaccessman.blogspot.com/

There are numerous existing ways of delivering the results of a claim to a relying party, for example:
1. HTML / SAML (push) where the claim is embedded in the HTTP header, but is lost if the service provider or page is unavailable.
2. Web Services (pull) that can be called using other SOA processes, but is unavailable if the identity provider is down.
3. Message Queues (look it up on Wikipedia) that guarantee delivery regardless of the receiving application being up or not, for later delivery (hence the queue). See MSMQ, IBM's WebSphere MQ, Oracle's AQ, Java JMS and others.

As regards the reliance on the claim, that is also covered by long-standing IAM definitions.
Here's how the degree of doubt or risk works in the existing IAM world:
- http://identityaccessman3.blogspot.com/

And the use of the word "Bus" for a subsystem that transfers data between computers is also a long-standing IT definition.

Perhaps what's new is MS recognizing that the rest of the IAM world has "been there, done that"?

Allan Milgate,
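
An added illustration, not part of the comment above and not any vendor's code, of delivery patterns 1 and 3 from the list: a pushed claim is lost while the relying party is down, a queued one is held, and the relying party verifies the signature and validity window when the claim finally arrives. The HMAC key shared between identity provider and relying party, the claim fields and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import json
from collections import deque

KEY = b"constructed-demo-key"  # assumption: key shared by identity provider and relying party


def issue_claim(subject, group, now, ttl=300):
    """Identity provider: serialize a claim and sign it with HMAC-SHA256."""
    body = json.dumps({"sub": subject, "group": group, "exp": now + ttl}, sort_keys=True)
    tag = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return body, tag


def verify_claim(message, now):
    """Relying party: check the signature, then the validity window."""
    body, tag = message
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None  # altered in transit or signed with another key
    claim = json.loads(body)
    return claim if now <= claim["exp"] else None  # a queued claim may have gone stale


class RelyingParty:
    def __init__(self):
        self.up = True
        self.accepted = []

    def receive(self, message, now):
        claim = verify_claim(message, now)
        if claim is not None:
            self.accepted.append(claim["sub"])


def push(rp, message, now):
    """Pattern 1: direct push; the claim is lost if the receiver is down."""
    if not rp.up:
        return False
    rp.receive(message, now)
    return True


def drain(queue, rp, now):
    """Pattern 3: the queue holds messages until the receiver is back."""
    while rp.up and queue:
        rp.receive(queue.popleft(), now)
```

Guaranteed delivery is not guaranteed freshness: a claim that waited in the queue past its `exp` is delivered but rejected.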
