Well Jer gave me a poke this morning, so it must be time.
I have been thinking a lot lately about what characteristics make up a cooperative relying party (in this context, a relying party is the side of a federation that consumes or receives identity assertions; the relying party can represent a single application or a broader security domain).
Even as the federated identity market surges towards being mainstream enterprise technology - and my hiatus from blogging this last half year was due mostly to being booked solid focused on helping Ping thrive in the surging market for federation technology - there is still a lingering issue with relying parties. The issue is that most applications and security domains are not designed to run as a cooperative relying party. What does it mean to be a "cooperative" relying party?
It will probably take me a few posts to work through a complete answer, but the high-level idea is that most systems are hard-wired to be very inward-looking when it comes to identity data. This narcissism makes the typical application a very poor relying party. In the federation space, we have taken great pains to create adapters and integration kits that help an application look outward (to a SAML assertion, for example) for an authentication credential, and to some extent applications and systems can be adapted to support single sign-on by relying on an external system. Of course, authentication is just the first identity task an app performs - other important identity-related functions such as authorization, policy management, etc. are still very much hard-wired and inward-looking. A cooperative relying party is one which is designed to expect an external source to provide identity functions and data beyond authentication.
On the asserting party side the story is much different. An asserting party (the supplier or provider in a federation) can be set up to serve up identity and policy data with relative ease. David Waite, always pithy and colorful, summed up the contrast between asserting parties and relying parties this way: "It is easier to throw up on the floor, than it is to mop it up."
Why does this matter? The full value of federation technology can only emerge in a world full of cooperative relying parties, and right now the list of them is pretty short and limited to custom-developed applications built by thoughtful coders.