Pete Rowley of RedHat has to win the Witty Title Award for “The umpire delegates back”:
Recently Kim Cameron has been defending CardSpace against various assertions that it won’t work offline. As I pointed out some while back, that is pure nonsense. I’ll let you read Kim’s blog for the details of how such a system might work with CardSpace, but I’ll just say it has to do with delegation. And that’s just a big word for access control, in this case user-centric decentralized access control.
There really is no big secret to how this stuff is possible – at some point in time an offline user will be online, and during that time instead of ceding their credentials to the service in the sky (or worse, it happens without choice), they spend the time granting access specific to the service that needs access. That’ll be a statement along the lines of “Pete’s blog is allowed to view this flickr photoset.”, not “here’s my password dude, do as you will”, or indeed “hey, IdP, see that service? That’s me that is.” I have to agree with Kim on the notion of impersonation – at no time should anybody give the required access level for impersonation of themselves, on or offline.
There be dragons.