The latter is possible in a sustainable
and future-proof fashion only if the Identity Metasystem is not
required to understand the technicalities of every technology. It
should be able to transfer that data without depending on features
and peculiarities of the formats.
In the previous section, "Negotiation," we saw an example in
which two parties agreed to use SAML for their transaction. An
encapsulating protocol allows the Identity Metasystem to put
that decision into practice by transporting SAML information as it
would have done for Kerberos or any other technology (that is,
without really knowing anything about how to interpret the
SAML format).
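An added illustration, not taken from the book, of the encapsulation idea above: the envelope labels a token and carries its bytes unparsed, and only the handler the endpoint negotiated ever interprets them. The envelope layout, the type URIs and the sample tokens are assumptions constructed for this example.

```python
import base64
import json
import xml.etree.ElementTree as ET

# Hypothetical token-type labels; the text names the technologies only.
SAML = "urn:example:token:saml"
KERBEROS = "urn:example:token:kerberos"


def wrap(token_type: str, token: bytes) -> str:
    """Metasystem side: label the token and carry its bytes untouched."""
    return json.dumps({
        "token_type": token_type,
        "token": base64.b64encode(token).decode("ascii"),
    })


def unwrap(envelope: str) -> tuple[str, bytes]:
    """Metasystem side: return the label and the original bytes, unparsed."""
    fields = json.loads(envelope)
    return fields["token_type"], base64.b64decode(fields["token"], validate=True)


def read_saml_age(token: bytes) -> str:
    """Endpoint side: the only code here that knows the token's format."""
    return ET.fromstring(token).find("Attribute[@Name='age']").text


def deliver(envelope: str, handlers: dict) -> str:
    """Endpoint side: dispatch on the label; a type that was not
    negotiated is rejected rather than guessed at."""
    token_type, token = unwrap(envelope)
    if token_type not in handlers:
        raise ValueError(f"no handler negotiated for {token_type}")
    return handlers[token_type](token)


# Constructed samples: a SAML-like XML fragment and an arbitrary binary blob.
SAML_TOKEN = b"<Assertion><Attribute Name='age'>34</Attribute></Assertion>"
KRB_TOKEN = bytes([0x6E, 0x82, 0x00, 0xFF, 0x0A, 0x00])
HANDLERS = {SAML: read_saml_age}  # the two parties agreed on SAML only

if __name__ == "__main__":
    print(deliver(wrap(SAML, SAML_TOKEN), HANDLERS))          # interpreted at the endpoint
    print(unwrap(wrap(KERBEROS, KRB_TOKEN))[1] == KRB_TOKEN)  # carried intact, never parsed
```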
Every technology transmits data in its own way; a Metasystem needs
to provide a generic encapsulation protocol
Claim Transformers
In the examples provided so far, we have been pretty loose in
our usage of claims. The wine merchant mentioned previously
wanted to know the age of the buyer, but we didn't bother to
provide more detail about the format in which that information
should have been codified. We took for granted that the merchant
could, with little effort, extract that information from a
driver's license or from a foreign passport without much premeditation.