Recently I have delved a little more into understanding more about topics related to distributed search and identity. It was an eye opener to a whole new world of acronyms. To try to resolve the issue of lack of awareness and information, I have signed up for 3 events in 2 weeks
- Drupal Camp Victoria, where I will be attending/organizing a BOF on identity, to discuss, listen and understand with other interested parties. As well, trying to do my part, by giving a talk on setting up local development environments
- Digital Identity conference in Los Angeles, where I managed to register as a "blogger".
- Drupal Camp LA since I will be down in Los Angeles, might as well.
It has been more than a year since I had last read up on single sign-on (SSO), and Verisign's one-time password (OTP) system generator.
In the meantime, due to evangelists such as Boris Mann, Dick Hardt, I became more aware of other identity alternatives such as OpenID, Facebook connect, SAML, InfoCard with associated drupal modules
From what I can understand, OpenID is great for blogging purposes, but not enterprise level authentication unless backed up by a token, smart card or biometric device, which Trustbearer has a good grip on. Information card seems a little more difficult to manage, as software may need to be installed on each computer and their information cards transferred between the computers they use. The information card foundation is attempting to address those issues, however, the techniques they use then seem to draw upon smart cards and maybe even openid. I don't know how it all will shake down, as far as I can tell openid and information cards do not plan to compete. Then again Facebook Connect may make OpenID obsolete, depending on how Facebook intends to manage its identity implementation.
