My SAML parfait diagram experiment went pretty well. I heard from a number of people who found it helpful, and one fellow even asked for the source (OpenOffice.org, need you ask?) so he could try tweaking it to highlight one profile/protocol to which I’d given short shrift.
At around the same time, some people who came across the SAML (and Liberty)/OpenID/CardSpace Venn diagram that appears in the RSA talk I did with Liberty Alliance director Brett McDowell asked me to post it because they thought it was generally useful. I’m definitely not the artistic type, but I guess I can draw boxes and lines — and bubbles — well enough! The following version isn’t quite as pretty as the RSA one because that was done by a professional graphic artist for the occasion, but I’ve continued to fiddle with the wording a bit so I needed my own copy. (You really do need to click to enlarge this one, to read it properly.)
Giving credit where it’s due: The main author of this diagram is really Paul Madsen, who sketched an early version during the discussion of the identity triangle diagram that Johannes Ernst put together, so Johannes deserves a hat-tip for his original series. And the title of the post is stolen shamelessly from my former Sun colleague Gary Ellison, who used it for a presentation to the JA-SIG on federation, identity, and web services back in 2003.
In the spirit of some of Gary’s diagrams but at a higher level, I recently did another Venn diagram to flesh out my “convergence touchpoints” material in the RSA slides, providing a view that stretches across federated identity and web services. I can’t credit/blame anyone but myself for this one. Really, it’s slightly more than a Venn because the shapes of the bubbles hint at horizontal applicability. (Again, click to enlarge.)
Let me know what you think…
Hi Eve, nice diagrams! In the first one, what do you mean by “solutions for consistent user experience”? Thanks, carolina
Hi Carolina! I meant that SAML and Liberty have not standardized any particular UIs (though they each have standardized the protocol behavior of clients in some instances), while both OpenID and CardSpace prescribe user interaction to varying degrees, and explicitly act on a goal of ritualizing/making consistent how a user authenticates, controls attribute release, etc.
Of course, similar rituals are possible that use SAML and Liberty protocols; Hubert’s Liberty on the Desktop example shows one way.
I’m not happy with the implication that CardSpace doesn’t do SSO. Under normal circumstances, all CardSpace requires of the user is one “click to approve” to sign on to a site. Granted, that’s not quite what a lot of folks think that SSO means, but I would rather interpret SSO as meaning Simple (enough) Sign On.
Furthermore, I’m not sure that signing on to a site in a manner that’s “seamless and transparent to the user” is even a good thing. It sure doesn’t help a user’s situational awareness.
Nevertheless, it’s nice to have a visual diagram that compares and contrasts the different identity systems. And I sure do like doing the same thing with the protocols and languages operating behind the scenes.
Really interesting article. Reading the comments, there doesn’t seem to be much love for CardSpace, hehe.