- Market surges, Gates predicts 9% unemployment
- Obama the first presidential hopeful to advertise in games
- Microsoft reveals critical holes in Active Directory
- BlackBerry Storm vs. the iPhone
- How will economy affect network equipment vendors?
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
Recently there was a minor flap over patent issues and user-centric identity systems. Someone had discovered that Dick Hardt and Sxip Identity had applied for some U.S. and U.K. patents covering identity systems that appeared to cover technology used in the OpenID system.
Now anyone who knows Dick or has worked with Sxip is well aware that this company is no Eolas (the folks who claim a patent on browser plug-ins), nor is there any indication that Sxip wants to quietly have people adopt a standard that it later claims is covered by its intellectual property (IP).
Sxip does own quite a bit of IP related to its Sxip Access product, and a lot of the OpenID system could be said to derive from the Sxip model. It could be said, in fact, that Hardt “invented” the three-part identity system of Identity Provider, User and Relying Party (RP, or Identity Consumer).
Since OpenID is, at least nominally, an open source project, patent issues are red flags to many of its proponents.
So it’s with a real sense of relief that I can report that Hardt stated to me unequivocally, “We will issue non-assertion statements similar to other respected corporate patent holders [e.g., Sun and IBM] as specifications we participate in are finalized.”
He went on to note that, “We have been open to spec developers and the core OpenID community that we hold patents in this area.” Evidently it’s not the OpenID stakeholders raising a potential stink, but those whose interests lie in other identity systems and methods.
This seems like a good time to give you an interim report on Sxipper, Sxip’s well-designed Web-based single sign-on solution plus (SSO+). The “plus” is a form-filling tool that allows the first visitor to a form to map the fields and send the resulting semantic map back to the Sxipper site. Subsequent Sxipper-enabled visitors to that form will see their own data automatically populated into it.
The project is still listed as beta software and is undergoing seemingly endless “updates” (which are very quietly and automatically installed. I wish other software vendors would adopt Sxipper’s update methodology!). But, for me, it’s the most-compelling reason to install Firefox as your primary browser. Sxipper has improved greatly in usability and functionality since I started using it last fall and now I’d be severely impacted if it were no longer available to me. It’s really the best, if not the first, user-centric identity tool.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (4)
I think you've got the history a bit wrong here...By Chuck Mortimore on July 25, 2007, 12:28 amThe original SXIP 1.0 protocol still had massively centralized trust. You were required to trust a single centralized Rootsite, controlled by Sxip, that was used...
Reply | Read entire comment
3-part ID modelBy David Kearns on July 23, 2007, 11:01 amPat, Robin - Now guys, you know I respect your opinions, but neither the SAML model nor Kerberos is anything like the 3-part user-centric model hat is OpenID....
Reply | Read entire comment
"Invention" of IDPBy Robin Wilton on July 23, 2007, 6:08 amPat's counterexample can also be significantly pre-dated if you consider that architectures such as Kerberos, RACF Passtickets and others all embody the same principle:...
Reply | Read entire comment
RE: Setting the record straight on Sxip and patentsBy Pat Patterson on July 21, 2007, 10:04 pm"It could be said, in fact, that Hardt 'invented' the three-part identity system of Identity Provider, User and Relying Party (RP, or Identity Consumer)." - come...
Reply | Read entire comment
View all comments