Chapter 4, “CardSpace Implementation,” discusses how
Windows CardSpace handles federation in more detail.
WS-* Implementation of the Identity Metasystem
In the previous section, “The WS-* Specifications,” we devoted
some time to better understanding the phenomenon of web
services. Web services emerged independently of the identity-
related considerations we presented in this chapter, but they
are the best tool at the industry’s disposal for putting into practice
the requirements discovered while formulating the seven
laws and envisioning the Identity Metasystem.
Identity Metasystem Components as WS-* Features
Let’s put the idea to the test. Imagine that the three roles defined by
the Identity Metasystem (subject, relying party, and identity
provider) are implemented as web services. To be exact, we
should say that every role will communicate with the other entities
via web services. Holding on to that assumption, let’s recall
what the components of the Identity Metasystem were, as follows:
A way to represent identities using claims
A means for IPs, RPs, and Ss to negotiate
An encapsulating protocol to obtain claims and requirements
A means to bridge technology and organizational boundaries using claims transformation
A consistent user experience across multiple contexts, technologies, and operators
WS-* Web Services Specifications: The Reification of the Identity Metasystem 157
The component “consistent user experience across contexts” cannot
be addressed directly by a protocol (even if it is the existence
of a common metaprotocol that makes consistency
possible to begin with).