We have made clear throughout the entire
book that diversity is an important and non-eliminable component
of the Internet ecology. How could we convince all entities
in operation, today and tomorrow, to abandon their
current systems and adopt a new one? Would we even want to
do such a thing?
Fortunately, we don't need to. We can create a system of systems,
or Metasystem, that will embrace existing technologies
and facilitate the dialog among them.
Managing identity entails manipulating common abstract principles,
performing specific actions and covering canonical roles.
Those are concepts that exist in complete independence of the
specific features of the existing and imaginable authentication
schemes. Just think of the descriptions we gave of SAML,
Kerberos, Secure Sockets Layer (SSL) client authentication and
others in the section "The Babel" in Chapter 1. There are important
differences in the way they operate, but you can see that
there are analogous concepts (such as the idea of a token) and
messages with the same semantics (such as obtaining a token
from an authority).
We can conceive an Identity Metasystem that defines concepts
and operations universally valid in the identity space, without
bothering about the implementation details; we can devise an
integration layer through which the peculiarities of specific
identity systems are abstracted out and mapped to and from
those generic constructs.