Thursday, December 20, 2007

Discovery, wherefore art thou Discovery?

The web seems "a buzz" these days with different flavors of "discovery". I've recently been hearing more and more need for Personal Service Discovery. This is coming from both internal and external customers. Two key questions are asked. (1) What is the user's preferred service? (e.g. picture service) and (2) Where is this user's specific service located. The two questions are not mutually exclusive. What I find quite humorous is that the Liberty Alliance has had a "Discovery Service" for quite some time that is capable of answering both those questions (and others). I wish I had Paul's witty way of poking fun... but alas I'm not that talented.

Here are a few recent proposals for "Discovery" services. I'm sure there are many I'm missing...


  • XRI Resolution -- a mechanism for describing and querying personal service endpoints (among other things)
  • XRD Provisioning Protocol (XPP) -- an XRI based mechanism for Service Providers to attach their service to a user's individual XRDS file hosted by the user's IdP
  • "DHCP for Identity" -- "As users, our identity, photos, videos and other forms of personal data should be discoverable by, and shared between our chosen tools or vendors."
  • Dynamic Federation -- service provider metadata is discovered via transformation of a user identifier
  • OAuth Discovery 1.0 Draft 1 -- This is really "service provider metadata" that is "discoverable".

Interesting to me is the leveraging of XRDS as a containing structure for describing service metadata amongst a number of these proposals. Anyway my hope is that as an industry we leverage all the work that has already been done while looking for ways to make things easier for users and developers.

"Standing on the shoulders of giants" comes to mind.


Soapbox: "Likely to offend some" ???

I smiled at Paul's recent post of Xmas Cards. I find it humorous that in our society we quibble over such silly things. However as I thought more about it, what really struck me was the double standard that exists but we ignore all the time.

What is it about “Merry Christmas” that might offend someone?

Is it that Christmas is equated to a Christian holiday and somehow recognizing that such a holiday exists is offensive?
  • This doesn't make sense to me because I would guess that the majority of people who celebrate “Christmas” do not hold to the “truths of the Christian faith”. Christmas for them is a merry time of year to give to others and receive gifts from others. It's a time to enjoy family and friends. What is so offensive about that? Would people be offended if the greeting were Happy Hanukkah?

Is it that the word “Christ” appears in Christmas and hence that is offensive to some?
  • This really doesn't make sense as the same people who are offended by the term “Merry Christmas” probably use “Christ”, “Jesus”, “God”, etc on a daily basis as an expression or expletive. So if it's OK to use these terms in a way that doesn't relate to the object of the term, why would the rule change for “Merry Christmas”?

The double standard is that it's OK to offend people who believe in God and Jesus Christ, but it's not OK for those people to use the same terms in an honoring way because they might be offensive to those who don't hold the same beliefs.

So I'm not quite sure whether I should smile or be “offended” that “Merry Christmas” is “Likely to offend some” :)

From the "Feeling rather behind..." department

A few weeks ago Johannes Ernst's posted a blog entry, in which he describes a number of tiers regarding different classes of identity relationships between a business and it's partners/customers. I like the taxonomy and agree that its a good framework for communicating both identity issues and technology relevance.

I just wanted to add that Ping! Identity's proposed “dynamic federation” would perfectly suit Tier 2. It provides good secure SAML based federation while being easy to deploy. Of course, some of those 100's of affiliates might not support SAML as their identity solution so other easy to deploy mechanisms will need to exist as well.

This multiple protocol, deployment environment is the main goal of the Concordia project. The definition of these environments as use cases and then the proposed solutions will significantly help businesses integrate their affiliates in a quick and seamless manner.

Finally, I would expect that a business would want to use a single standard technology for Tier 0 and 1 as “federating” internally is a real pain.