{"id":1146,"date":"2010-07-10T11:13:50","date_gmt":"2010-07-10T19:13:50","guid":{"rendered":"\/?p=1146"},"modified":"2010-07-10T11:36:51","modified_gmt":"2010-07-10T19:36:51","slug":"using-consumer-identities-for-business-interactions","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1146","title":{"rendered":"Using Consumer Identities for Business Interactions"},"content":{"rendered":"<p><a href=\"http:\/\/research.microsoft.com\/en-us\/um\/people\/mbj\/\">Mike Jones<\/a> <a href=\"http:\/\/self-issued.info\/?p=325\">writes about<\/a> an &#8220;identity mashup&#8221; that\u00a0drives home\u00a0a really important lesson: \u00a0the organizational and technical\u00a0walls that used to stand in the way of Internet business\u00a0are\u00a0dissolving before our very eyes.\u00a0 The change agent is <em>the power of claims<\/em>.\u00a0\u00a0The mashup Mike describes crosses boundaries in many dimensions at once:<\/p>\n<ul>\n<li>between industries (medical, financial, technical)<\/li>\n<li>between organizations (Medtronic, PayPal, Southworks, Microsoft)<\/li>\n<li>between protocols (OpenID and SAML)<\/li>\n<li>between\u00a0computing platforms (Windows and Linux)<\/li>\n<li>between software products (Windows Identity Foundation, DotNetOpenAuth, SimpleSAMLphp)<\/li>\n<li>between identity requirements (ranging from strong identity verification to anonymous comment)<\/li>\n<\/ul>\n<p>This is a super-concrete demonstration of the progress being made on the &#8220;Identity Metasystem&#8221; so many of us in the industry\u00a0have been working on.\u00a0\u00a0 My favorite word in<a href=\"http:\/\/self-issued.info\/?p=325\"> Mike&#39;s piece <\/a>is &#8220;quickly&#8221;, to which I have taken the liberty of adding my own emphasis:<\/p>\n<p style=\"padding-left: 30px;\"><a href=\"http:\/\/www.medtronic.com\/\">Medtronic<\/a>, <a href=\"https:\/\/www.paypal.com\/\">PayPal<\/a>, <a href=\"http:\/\/www.southworks.net\/Home.aspx\" 
class=\"broken_link\">Southworks<\/a>, and Microsoft recently worked together to demonstrate the ability for people to use their PayPal identities for participating in a Medtronic medical device trial, rather than having to create yet another username and password. Furthermore, the demo showed the use of verified claims, where the name, address, birth date, and gender claims provided by PayPal are relied upon by Medtronic and its partners as being sufficiently authoritative to sign people up for the trial and ship them the equipment. I showed this to many of you at the most recent <a href=\"http:\/\/www.internetidentityworkshop.com\/\" class=\"broken_link\">Internet Identity Workshop<\/a>.<\/p>\n<p style=\"padding-left: 30px;\">From a technology point of view, this was a multi-protocol federation using OpenID and WS-Federation \u2013 OpenID for the PayPal identities and WS-Federation between Medtronic and two relying parties (one for ordering the equipment and one for anonymously recording opinions about the trial). It was also multi-platform, with the Medtronic STS running on Windows and using the <a href=\"http:\/\/msdn.microsoft.com\/en-us\/evalcenter\/dd440951.aspx\" class=\"broken_link\">Windows Identity Foundation<\/a> (WIF) and <a href=\"https:\/\/www.ohloh.net\/p\/dotnetopenauth\/\" class=\"broken_link\">DotNetOpenAuth<\/a>, the equipment ordering site running on Linux and using <a href=\"http:\/\/rnd.feide.no\/simplesamlphp\" class=\"broken_link\">simpleSAMLphp<\/a>, and the opinions site running on Windows and also using WIF. 
A diagram of the scenario flows is as follows:<\/p>\n<p style=\"padding-left: 30px;\"><span class=\"plain\"><img src=\"\/wp-content\/images\/2010\/07\/Identity_Mash-Up_Diagram.jpg\" alt=\"Identity Mash-Up Diagram\" \/><\/span><\/p>\n<p style=\"padding-left: 30px;\">We called the demo an \u201cidentity mash-up\u201d because Medtronic constructed an identity for the user containing both claims that came from the original PayPal identity and claims it added (\u201cmashed-up\u201d) to form a new, composite identity. And yet, access to this new identity was always through the PayPal identity. You can read more about the demo on the <a href=\"http:\/\/blogs.msdn.com\/b\/interoperability\/archive\/2010\/07\/09\/identity-mash-up-federation-demo-using-multiple-protocols-openid-and-ws-federation.aspx\" class=\"broken_link\">Interoperability @ Microsoft blog<\/a>, including viewing a <a href=\"http:\/\/channel9.msdn.com\/posts\/jccim\/Identity-Mash-up-Federation-Demo-using-Multiple-Protocols-OpenID-and-WS-Federation\/\">video of the demo<\/a>. <a href=\"http:\/\/www.southworks.net\/Home.aspx\" class=\"broken_link\">Southworks<\/a> also made the <a href=\"http:\/\/southworks.github.com\/protocol-bridge-claims-provider\/\" class=\"broken_link\">documentation<\/a> and <a href=\"http:\/\/github.com\/southworks\/protocol-bridge-claims-provider\">code<\/a> for the multi-protocol STS available.<\/p>\n<p style=\"padding-left: 30px;\">I\u2019ll close by thanking the teams at PayPal, Medtronic, and Southworks for coming together to produce this demo. 
They were all enthusiastic about using consumer identities for Medtronic\u2019s business scenario and pitched in together to <span style=\"background-color: #FFFF66\">quickly<\/span> make it happen.<\/p>\n<p style=\"padding-left: 30px;\">\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Medtronic constructed an identity for the user containing both claims that came from the original PayPal identity and claims it added (\u201cmashed-up\u201d) to form a new, composite identity.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[37,43,8,22,75],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1146"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1146"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1146\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}