{"id":764,"date":"2007-04-26T09:48:47","date_gmt":"2007-04-26T17:48:47","guid":{"rendered":"\/?p=764"},"modified":"2007-04-26T09:48:47","modified_gmt":"2007-04-26T17:48:47","slug":"identity-systems-all-about-making-claims","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=764","title":{"rendered":"Identity systems all about making claims"},"content":{"rendered":"<p class=\"first\">Network World&#39;s excellent <a href=\"http:\/\/www.networkworld.com\/Home\/jfontana.html\" class=\"broken_link\">John Fontana<\/a>&nbsp;has&nbsp;<a href=\"http:\/\/www.networkworld.com\/news\/2007\/042307-microsoft-identity-systems.html?page=1\" class=\"broken_link\">written about&nbsp;<\/a>an opening keynote I gave recently at the&nbsp;<a href=\"http:\/\/www.dec2007.com\/\" class=\"broken_link\">Directory Experts&#8217; Conference (DEC)<\/a>.&nbsp;&nbsp; I was&nbsp;talking about claims,&nbsp;trying to&nbsp;start&nbsp;a conversation&nbsp;that I&nbsp;will&nbsp;pursue on my blog over the next while.<\/p>\n<blockquote>\n<p class=\"first\">Las Vegas &#8212; The traditional concepts of authentication and authorization will eventually give way to an inclusive <a w=\"urn:www.microsoft.com\/word\" st1=\"urn:www.microsoft.com\/smarttags\" o=\"urn:www.microsoft.com\/office\" href=\"http:\/\/www.networkworld.com\/news\/2006\/091306-microsoft-protocols.html\" class=\"broken_link\">identity system<\/a> where users will present claims that answer who they are or what they can do in order to access systems and content or complete transactions, according to Microsoft\u2019s identity architect.<\/p>\n<p>\u201cThis is happening now and all it needs to do is gain momentum,\u201d said <a w=\"urn:www.microsoft.com\/word\" st1=\"urn:www.microsoft.com\/smarttags\" o=\"urn:www.microsoft.com\/office\" href=\"http:\/\/www.networkworld.com\/power\/2005\/122605-cameron.html\" class=\"broken_link\">Kim Cameron,<\/a> Microsoft\u2019s identity 
architect, who gave the keynote address Monday to open NetPro\u2019s Directory Experts Conference. He said the transformation to a <a xmlns:w=\"urn:www.microsoft.com\/word\" xmlns:st1=\"urn:www.microsoft.com\/smarttags\" xmlns:o=\"urn:www.microsoft.com\/office\" href=\"ttp:\/\/www.networkworld.com\/newsletters\/dir\/2005\/0516id1.html\">claims-based identity model<\/a> is 18-24 months away.<\/p>\n<p>Cameron said the flexible claims architecture, which is based on standard protocols such as <a w=\"urn:www.microsoft.com\/word\" st1=\"urn:www.microsoft.com\/smarttags\" o=\"urn:www.microsoft.com\/office\" href=\"http:\/\/www.networkworld.com\/news\/2006\/112006-ibm-offers-new-single-sign-on.html\" class=\"broken_link\">WS-Federation<\/a>, <a w=\"urn:www.microsoft.com\/word\" st1=\"urn:www.microsoft.com\/smarttags\" o=\"urn:www.microsoft.com\/office\" href=\"http:\/\/www.networkworld.com\/newsletters\/nt\/2006\/0918nt1.html\" class=\"broken_link\">WS-Trust<\/a> and the <a w=\"urn:www.microsoft.com\/word\" st1=\"urn:www.microsoft.com\/smarttags\" o=\"urn:www.microsoft.com\/office\" href=\"http:\/\/www.networkworld.com\/news\/2007\/011007-liberty-alliance-microsoft-discuss-identity.html\" class=\"broken_link\">Security Assertion Markup Language<\/a> (SAML) will replace today\u2019s more rigid systems that are based on a single point of truth, typically a directory of user information.<\/p>\n<p>\u201cYou need extroverted systems, not introverted,\u201d said Cameron, who over the past few years has aligned <a w=\"urn:www.microsoft.com\/word\" st1=\"urn:www.microsoft.com\/smarttags\" o=\"urn:www.microsoft.com\/office\" href=\"http:\/\/www.networkworld.com\/subnets\/microsoft\/\" class=\"broken_link\">Microsoft,<\/a> its competitors and open source advocates around user-centric identity models.<\/p>\n<p>He said identity systems that are rigid and cannot connect to other systems will become irrelevant and a competitive 
disadvantage.<\/p>\n<p>\u201cYou may come with a claim&nbsp;that you are authorized to do something and it may not have any authentication [information] at all,\u201d he said. \u201cThis tremendously important factor means we can have a consistent technology that goes between authentication and authorization. We don\u2019t need all these different technologies and have all this new stuff to learn. It can all be done using the claims-based model.\u201d<\/p>\n<p>Cameron said this thinking is very different from a few years ago when authentication and authorization were thought of as entirely separate technologies that should never be confused.<\/p>\n<p>He said the beauty of the claims model is that it can grow out of the infrastructure users have today, including PKI, directory services and provisioning systems.<\/p>\n<p>The claims model, he said, is more flexible and based on components that can be snapped together like Lego blocks. 
Cameron called them Legonic Systems, which, he said, are agile and self-organizing much like service-oriented architectures.&nbsp;&nbsp; (<a href=\"http:\/\/www.networkworld.com\/news\/2007\/042307-microsoft-identity-systems.html?page=2\" class=\"broken_link\">Continued<\/a>&nbsp;here&#8230;)<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Rigid, closed identity systems will become irrelevant and a competitive disadvantage, Microsoft\u2019s Kim Cameron says<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6,17,10,8],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/764"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=764"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/764\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=764"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=764"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}