I read with great interest Kim Cameron’s most recent post about the Beta release of Zermatt, Microsoft’s new identity application development framework. It is a step towards the kind of programming framework that I have been talking about and working on with my colleagues at Oracle for a while now. So I am just a little bit jealous that Microsoft beat us to it. But at Oracle, we have a whole different set of challenges that we are dealing with.
Coincidentally, the version we are developing internally is code-named IDx (according to Kim, Microsoft’s internal name for Zermatt used to be IDFX). The first version is being built as the underlying platform for Fusion Applications. But my main job on this project is to make sure that it does not end up as an Oracle proprietary framework, and can become a true development platform on which anyone can build identity-enabled applications, running on top of any identity management provider (MS, Oracle, Sun, etc.).
That is a challenging task. It requires a strong standard API to be built, and to undergo API testing, as an abstraction between the application and the identity management providers supporting it. One of my hopes for the Burton Group’s Identity Services Working Group is that they will help us ratify what this standard interaction needs to be (of course, we are planning on contributing in a major way to the definition of these APIs, and have been working hard on some aspects of these as part of the IGF initiative). Hopefully, we can do the right thing, and justify Pamela’s optimism for the future.
Zermatt allows applications to incorporate a claims-based identity model for authentication and authorization. The claims-based model is one that I brought up in my talk at DIDW almost one year ago. Microsoft has published a whitepaper in conjunction with the Beta release, and I’ll be taking a look at it to learn and to contrast it with our approach. I’ll talk about my thoughts on Zermatt in the upcoming weeks.