SSO Summit redux

I had a great time at our first annual SSO Summit in Keystone CO a couple of weeks ago. When organizing this event we decided to allocate an afternoon to smaller breakout discussion groups. While the customer case study presentations were fantastic I had a lot of fun facilitating a couple of these discussion groups. This is something you can do at a smaller conference that just doesn't work at most of the larger trade and analyst shows. Our expectation was that 8 - 10 people would gather round a table to discuss different topics related to SSO. Each discussion group was asked to provide a quick summary of their conclusions to the rest of the attendees. We chose the specific topics ahead of time rather than having the attendees think up the topics themselves in an un-conference like manner (which is something we will likely change for next year). The fact that we were able to think of over 20 different topics related to SSO tells you how much is still to be accomplished in the SSO space.

One of the discussion groups I facilitated was titled 'Where do OpenID and InfoCards fit?'. Dave Kearns (of Network World fame) participated and has written a great summary of how the 90 minute discussion progressed and of the somewhat surprising conclusions.

Building on Dave's summary I wanted to clarify that our discussion on OpenID and InfoCards was primarily focused on enterprise SSO use cases rather than consumer use cases. Given that caveat, the group concluded that OpenID as an enterprise SSO solution was not recommended as it did not really add any significant value over existing enterprise SSO technologies such as Kerberos, SAML and the cookie-based Web Access Management (WAM) products. OpenID’s major benefits of lightweight integration was heavily outweighed by issues such as requiring a URL based identifier, the fact that its yet another web sso protocol, that there is limited trust etc.

A couple of people from Sun also participated and they made reference to the Sun OpenID provider that is targeted for Sun employees. It was interesting to note that they said it went down for two days and nobody noticed or complained.

That said, it was recognized that some of the newer social media platforms entering the enterprise (e.g. wikis and blogs) will have OpenID support built in. But for these platforms to be ‘enterprise ready’ they will also be forced to support SAML, Kerberos and LDAP.