Paul Madsen, a key Liberty architect, has posted a wonderful insight about the relationship of OpenID and SAML. He plots both of them against the axes of:
- The selectivity of an OpenID relying party (a website that accepts OpenID logins, also called an RP) about the OpenID identity providers (IdP) the RP will accept OpenID authentication from, vs.
- The level of security the RP needs (think blog comments vs. banking).
Paul’s graphic illustrates that while both OpenID and SAML have their respective sweet spots today, the real potential is for the two to converge on a much bigger sweet spot that could handle the whole gradient.
I for one find this prospect very exciting. I don’t for a minute think it will be easy, or that it can happen overnight. But the synergies are growing so fast — and the prospects of a unified user-centric identity layer so compelling — that what only a few months ago seemed improbable is starting to look inevitable.
I expect this to be a major locus of discussion at the Fall Internet Identity Workshop Dec. 4-6 in Mountain View. Don’t miss it.