Fellow Vancouverite Boris Mann points me to a couple of proposals in the same general space as MISO. The Flickr Services protocol is pretty typical - it's a nice, fairly clean system for sharing auth information between a single centralized server and a known set of services. That doesn't scale beyond a tight cluster of related sites however: for one thing, the more sites are under a single sign-on umbrella, the more I need to trust the authenticating authority involved, to the point that if there are enough services I probably want to host my own authenticating authority, in the same way that I host my own email. For that, you need a more distributed approach. SDSI is one such approach, from Ron Rivest of RSA fame. In the basics, it reminds me a lot of MISO (or, since it came long before, I should say that MISO is reminiscent of it). For example:
Our system is ``key-centric'': SDSI principals are public digital signature verification keys. These public keys are central; everything is based around them. The notion of an ``individual'' (e.g. person, corporation, process, or machine) is not required. Of course, such individuals will actually control the associated private keys, so that the public/private keys can be viewed as ``proxies'' for those individuals.
However, it has a much broader scope than MISO does, covering groups and ACLs as well as simple authentication, and so it doesn't satisfy the minimalism goal.
The other thing that keeps coming up is FOAF; I don't see any reason why a MISO profile couldn't be in FOAF format if that's what people want.
Previous Topic
