B. Mann Consulting

At some point I got a ping from someone that was working on a SAML implementation for Drupal. Unfortunately, that was a year ago or more, and trawling my email doesn't seem to surface anything.

So, anyone out there in blog land working on a SAML *SP* (aka client) implementation for Drupal? I have some folks that would like to test interop. Please contact me if you've got something.

Related to this is the Google Apps Authentication module, which lets you use your Drupal database as an authentication source for Google Apps -- the for pay, Enterprise or Education edition. This is a SAML v2.0 IdP implementation as far as I know...

And yes, I'm still a huge OpenID fan. But combining the two standards is even better, since theoretically you could create new Drupal accounts via OpenID, and the Drupal accounts in turn would serve as auth for Google Apps. AKA how to use OpenID with Google :P

VeriSign chose OpenID for their new "Personal Identity Provider", aka pip: http://pip.verisignlabs.com/.

I'm a bit confused. OpenID handily does single sign on. But that's it. I can understand not deploying a huge SAML stack -- all of those blogs and web apps that they talk about it in the announcement post have no way of easily interoperating with SAML today, aka lack of scripty language support -- but OpenID is fairly limited today. Be interesting to see if VeriSign will push Simple Registration Protocol and/or extend the OpenID "spec" and/or standardize it in some way as DIX is doing (or merge/interoperate/implement DIX?).

If I were VeriSign, I would follow this up with support for multiple identity protocols -- that is, after all, Canter's Law: work with everything. You could have a single identity hosted by VeriSign and accessible via a variety of protocols, from OpenID to DIX to SAML to InfoCard.

It certainly is great to see experimentation actually starting to happen in this space. At the Mesh conference, which I've just come back from, I heard some rumours about a potential 10M profile installation of DIX. Exciting times...

Interested in social networking and all things identity? The Liberty Alliance is having a webcast on the ID-WSF People Service (I can't believe that that has a TM after it...kind of illustrates the icky feeling people have towards Liberty stuff...) -- 8AM PST, January 11, 2006, ID-WSF 2.0’s People Service: Federated Social Identity, presented by Paul Madsen:

The Liberty ID-WSF People Service™, a key component in ID-WSF 2.0, is the industry’s first comprehensive platform for managing social information within an open federated network environment. People Service allows consumers and enterprise users to manage social applications such as bookmarks, blogging, calendars, photo sharing and instant messaging from a common layer within the ID-WSF 2.0 framework. Liberty People Service has been developed to allow individuals to easily store, maintain, and categorize online relationships so that other socially-aware Web services applications can leverage information based on the consent and privacy controls established by a user in the federated social network. With Liberty Alliance People Service, consumers and enterprise users can now centrally manage all of their online social relationships using a federated network approach with privacy controls built into the system allowing users to leverage the privacy functionality of Liberty Web Services to more easily and securely share social and enterprise information across applications, platforms and service providers. In this Web cast, we’ll overview the functionality of People Service and provide some use case examples. You won’t want to miss this highly informative session.

Lauren gave me a heads up on this, and checked with the organizers: there are over 60 people signed up already, and the organizers will make more slots available if it gets "full"...but you need to RSVP soonish to make sure.