On Sunday, Scott Loftesness makes the cheeky (but painfuly true) point that there is a lot "blather" in the world of identity. I've noticed that a lot of blog discussion of identity focuses on drivers licenses, online banking, bill payment, and travel. These are certainly all "big fish" and lend themselves well to discussion. However, there is also a more mundane aspect to identity. Unless you've worked with many architects who are deploying Web Services inside their organizations, you would not believe how many identity problem statements can be summarized as: "Users have one username in one system but another username in another system, and we now have to link these usernames together because the systems now talk XML to each other". These users can represent actual human beings, or they can represent customer or partner organizations. But the underling problem is that they are called "Joe User" in one place and "JosephUser" in another place, but share the same identity. This is the more mundane side of identity, not as exciting as travel or drivers licenses or online banking. But the same solutions apply: SAML (and/or WS-Trust), directories, tokens.
In the SOAPbox screenshot below, you can see a SOAP message containing the username "Joe User" in the outbound pane, and "JosephUser" in a SAML token in the response pane. What you don't see is VordelDirector automatically doing the mapping in the background, based on a connection to Sun and Microsoft repositories. The configuration of this mapping was all done declaratively, with no toolkit required. The message with "JosephUser" can now be brokered to the Web Service which identifies the user in this way (known in this example as "Web Service A"). This may look very boring, but it's exciting to architects who are stuck with "Joe here, Joseph there" identity problems.
[ If you're interested in playing with this VordelDirector functionality yourself, send me an email via this blog. ]
3:42:58 PM 
|
|
