  • Philippe presented these slides at EEMA and EIC earlier this year
  • Started off on slide 11 with a historical circle of trust with one user, one IdP, and one RP.
  • Slide 12: in real life the user has multiple IdPs and multiple RPs.
  • Slide 13: introduces the Orange "ISA" (IdP selection agent) – a new "fourth" actor. Users gain simplicity and security. RPs want to increase their audience (and now they can do so with very simple integration).
  • Slide 14: Shows the ISA UI and benefits
  • Slide 15: The idea emerged from early Liberty work and recent market requirements work
  • Slide 16: More details of UI
  • Slide 17: iPhone UX (steady state: one click to make the ISA appear, one click to choose IdP and you come back authenticated)
    • John: is your existing implementation doing protocol translation?
    • Benoit: Yes. So this is like RPX: it does translation from IdP and JanRain and then from the RP to JanRain.
    • Benoit: The benefit is that the RP only needs a single protocol.
    • Paul: Isn't the chain of trust broken?
    • Bob: The ISA is acting as both a selection agent and as an IdP proxy (SAML terminology). We had discussed having two agents: proxy and selection.
  • Slide 20: User guide. Quick start guide to integrate and test the Orange ID Selector in less than half a day.
  • Slide 21: Sample JavaScript to trigger the ISA
  • Slide 22:
  • Philippe: this idea of the fourth party has emerged from a wide collaborative discussion about how we need to make this easier for
  • Paul: thanks very much; very interesting area. Avoco Secure, Verizon, Higgins Cloud Selector
  • John: At one end of the spectrum XAuth allows any IdPs to add extension documents...the other end of the spectrum is knowing the user's ISA (which is less damaging than knowing the IdP/accounts the user has).