Exchanging Identity Data

Our goal of creating consistent sources of identity data, combined with the realities of modern distributed organizations, means that there is not likely to be a centralized source of all identity data. Consequently, identities will be exchanged between systems, and we should plan for that as part of our data architecture.

We've discussed XML standards for exchanging identity data in Chapters 6 and 11. SAML is a standard for exchanging assertions about identity, including access-control information and properties of the identity record. SPML is used to exchange identity data for the purpose of provisioning identity systems. XrML is used to exchange information about rights to digital resources.

These standards and others like them should be the basis for your data exchange strategy. Don't discount the power of standard exchange formats for your data. Whenever you need to exchange identity data, look first at the external standards that are available and choose one of those. Using an external standard is always preferable to creating proprietary internal standards for several important reasons:

  • You can buy tools that support those standards.

  • You can hire consultants who understand them.

  • Thousands of people all over the world are thinking of interesting ways to use them.

Also remember that many XML-based standards are extensible through namespaces and can probably be adapted to suit your needs even when they don't match exactly.

But, suppose that you can't find an external ...
