
How Liberty’s People Service could benefit enterprise networking

Jan 18, 2006 | 3 mins
Access Control, Networking

* Personal identity in a social networking context

It could be that the “People Service” of the Liberty Alliance (which we began to look at in depth in the last issue) could be the major catalyst of one of the resolutions I proposed for the industry a couple of weeks ago (“Three proposed resolutions”), the convergence of identity architecture.

As I mentioned in that newsletter, last year saw a resurgence in the area of personal identity, led by the yearlong discussion surrounding Kim Cameron’s Seven Laws of Identity. Small start-ups like LID, OpenID, Passel and others, along with bigger players such as Sxip, have one view of how identity should be addressed, while enterprise players such as Sun, IBM, CA, HP, Novell and more have a somewhat different view. Microsoft is somewhere in between.

Players such as LID, OpenID, iNames, Passel and others are concerned with “personal identity” and its use in social networking, while the “big boys” (Sun, IBM, CA, HP, Novell) have concentrated on corporate identity in enterprise networking. Sxip and Microsoft are (tentatively) trying to play in both arenas.

So when the Liberty Alliance – the epitome of corporate identity in enterprise networking – launches its “People Service” – designed expressly for personal identity in a social networking context – everyone needs to pay attention.

When I first ranted against the People Service last month I questioned whether or not this added anything new to the Liberty specification. In other words, isn’t this something that could be done already, without a new service layer? Shibboleth architect Scott Cantor, in an e-mail exchange, answered me with:

“The PS [People Service] seems to me to be a management layer on top of the kinds of linking tools that identifiers such as those supported by SAML might provide (noting that anything can be a SAML identifier, Liberty just focuses on one type) along with a set of services for crosswalking them and issuing invitation messages so that new identifiers can get established on the basis of the ones that exist.

“For example, if we use different IdPs [Identity Providers] the PS lets some SP [Service Provider] in the world get an identifier from my IdP that you can use to refer to me.

“In other words, the building blocks were perhaps present in part in older specs and deployments, but not the higher level behavior. You can certainly build a kind of PS on top of ID-FF or SAML, which umm, is the point. That’s what the PS is.”

In that light, the People Service becomes more of a “use case study,” or tutorial on how to put together a federated identity service for social networks. But not only that: it’s a service that is also easily incorporated into an enterprise/corporate networking federated identity service.

While it’s not, in and of itself, the convergence of the two camps, it is, perhaps, a tantalizing treasure map showing the way towards a universal identity system, acceptable to all. That’s a treasure we’d all like to find.