This presentation by Eric Sachs (Senior Product Manager, Google Security) was given at the 2010 Cloud Identity Summit. The summit included 'Dissecting Cloud Identity Standards', where "Secure internet identity infrastructure requires standard protocols, interfaces and API's. The summit goals were to help make sense of the alphabet soup presented to end-users, including OpenID, SAML, SPML, ACXML, OpenID, OIDF, ICF, OIX, OSIS, Oauth IETF, Oauth WRAP, SSTC, WS-Federation, WS-SX (WS-Trust), IMI, Kantara, Concordia, Identity in the Clouds (new OASIS TC), Shibboleth, Cloud Security Alliance and TV Everywhere...
Sachs' paper overviews Google's goals in identity services to increase growth, and provide a more seamless user experience. Google provides federated identity services for over 2 million businesses and hundreds of millions of users. He explains why Google has made such a large investment in technologies such as OpenID & OAuth, and how consumer websites and enterprise-oriented websites are connecting.... [Excerpts:] Broad Net-wide goals are to (1) Reduce friction on the Internet by: improving collaboration between users, especially between companies; promoting data sharing between users and their service providers; enhancing user experience through personalization and increased signup rates; (2) Increase user confidence in security of the Internet, by reducing password proliferation and re-use across sites; promoting high adoption of multi-factor authentication; advancing user/enterprise controlled data-sharing...
As to eliminating passwords by using Open Standards: No one company can do this on their own. Consistency in User Interface/Experience is critical. Support from major players is a must (Microsoft, Facebook, Google, Yahoo, AOL, etc.). The solution must support not just consumers, but also small/medium sized businesses and enterprises, and the solution must work globally. It is not just web apps: it must support iPhone apps, POP/IMAP apps, Windows apps, Mac apps, Linux apps, Blackberry apps, etc. If the app's website has no password for the user, what does the user type in the login box? It's the same problem as OpenID and SAML. On a web login page, we redirect via SAML/OpenID. What do you do from a login page that is not in a web browser?
Multi-factor authentication unlocks market for multi-factor auth vendors, especially mobile phone/network providers; usability is greatly improved by linking a user/employee's single identity provider with multi-factor authentication..." http://www.cloudidentitysummit.com/upload/PingKeynote_Eric-sachs.pdf
See also the online Summit presentations: http://www.cloudidentitysummit.com/Presentations-2010.cfm
Source: Robin Cover, OASIS