Hallam-Baker, Phillip wrote:
Perhaps it is just me but I find the two assertions implicit/explicit in
your messages to be incompatible:
1) That identity is a topic that the IETF has failed to do useful work
on in the past
That is an unfair statement. 1. There is lots of useful work being done
on Identity Management; it's just not being done at the IETF. We are not
the only standards body on the planet.
2. There is lots of interest in Identity all over the IETF specifically
in the RAI area where there are several important drafts being worked on
the relationship of SIP to SAML. I think this work is extremely important.
Are you familiar with the existent SIP SAML work?
The question continues to be what areas _could_ or _should_ the IETF
make a useful contribution on and how does that relate if any to the
existing body of work on SAML and Liberty's Federated Identity
Management work. I have some suspicion that W3C is also looking at this
You were correct in your earlier post that the current work in Liberty has been
oriented towards the enterprise single sign on problem but that does not
mean it cannot be generalized to the cross domain problem that is the
focus of the current Liberty Federation work. As everyone knows modern
Identity management theory came out of the violent reaction to
Microsoft's Passport proposal.
I remain very cautious about reinventing the wheel here.
2) That the organizers of the BOF have need of more extensive input from
those who have failed to do productive work on the topic before
While learning lessons from past failures is an important part of the
design process this does not appear to be the type of input into the
proceedings that you appear to have in mind.
You incorrectly assume there are failures in this space. In fact there
are several successes. I for one agree that the IETF has not looked
correctly at Identity management in general but I also strongly believe
the IETF has ignored the significant body of existing work in the space.
It is reasonable to tell the builders of the new bridge to ask the
architects of the old one why it fell down.
I also do not want to build a new bridge if in fact the existing tunnels
can handle the demand.
It is completely
unreasonable to tell the builders of the new bridge to ask the
architects of the old one how to build the new bridge and wait on their
This BOF is not the only initiative underway in this space. The internet
is under attack, phishing is a form of identity theft. So working out
how to fit theft proof credentials into the Internet infrastructure is
an important problem.
Yes, but what I and many others would like to see first is a better grasp of
the problem statement, a survey of what is existent in Identity
Management, a determination of what currently exists can be reasonably
adapted to the problem... then and only then attempt to design something new.
There are lots of folks at IETF that are very familiar with Identity
related problems and protocols. I am a bit disturbed that a solution is
being proposed before the problem and the alternatives are thoroughly
Richard Shockey, Director - Member of Technical Staff
46000 Center Oak Plaza - Sterling, VA 20166
PSTN Office +1 571.434.5651 PSTN Mobile +1 703.593.2683
Fax: +1 815.333.1237
<http://www.neustar.biz> ; <http://www.enum.org>