Eve Maler is a renaissance woman. Her bio mentions a few of her accomplishments:
“Eve Maler is a Principal Engineer at Sun Microsystems, developing interoperability strategies and leading partner engagements related to Web services, security, and identity.
“Eve was one of the inventors of the Extensible Markup Language (XML), a key technology for worldwide electronic communications. She has also made major leadership, technical, and educational contributions to other successful standards, such as Project Concordia, the Security Assertion Markup Language (SAML), the Liberty Alliance, the Universal Business Language (UBL), and DocBook.”
She’s also an accomplished rock musician and a sought-after speaker at conferences and trade shows.
Eve is best when she’s trying to catalyze something, be it a group, an event or a protocol. And just last week she took pen to hand (well, finger to keyboard) and wrote:
“In the last year, I’ve done a lot of thinking about the permissioned data sharing theme that runs through everything online, and have developed requirements around making the ‘everyday identity’ experience more responsive to what people want: re-balancing the power relationships in online interactions, making those interactions more convenient, and giving people more reason to trust those with whom they decide to share information.”
She and some Sun colleagues have created a new protocol called "ProtectServe," which dictates interactions among four parties: a User/User Agent, an Authorization Manager (AM), a Service Provider (SP), and a Consumer. The protocol assumes there's a Relationship Manager (RM) application sitting above, acting on behalf of the User - sometimes silently. At a minimum, it performs the job of authorization management. See the link above for examples of typical cases.
I thought it very much resembled Information Cards, so I asked – hey Eve, what does ProtectServe give me that InfoCards don’t already handle? The reply was quick, and complete:
“Lots. I think InfoCards can be a useful adjunct to the user-experience portion of distributed authorization, e.g. passing along an RM location claim when you log in to an SP to give it a hint as to your preferred RM. (This would be akin to the use of InfoCards to pass along a Liberty Discovery Service bootstrap attribute, as was demonstrated just recently.)
But InfoCard usage is predicated on real-time user consent for claim access (r-cards being the potential exception) vs. access when a user is offline; selectors don’t have analytics features (though why not, I don’t know); the protocol focuses on mere user consent — likely pro forma — rather than an offer of data under user-driven contract terms; and in most use cases cards typically pass along an identifier as one of the claims, which can unnecessarily early-bind that identifier to that set of shared data.
All this said, hosted identity selectors would perhaps make a fine starting place for building relationship managers…”
Perhaps we’ll hear more when Eve sits on my “Take a Card: Information Cards as Enterprise Authenticators” panel at the European Identity Conference in early May. In the meantime, visit Eve’s blog and give her your thoughts on the new protocol.