Tuesday, June 8, 2010

InCommon Certificate Service

The InCommon Federation recently announced their offering of a new X.509 certificate service.

Personally, I think this is a great step in the right direction for the U.S. higher education and research community, who need good identity services for collaboration. InCommon has served as a focus point for Shibboleth and SAML-based services, and I think they are a good organization to expand to take on other identity technologies such as X.509. My personal view is that we'll never have one identity technology and we'll always be dealing with a mix - SAML, OpenID, X.509 being the obvious big three (with Kerberos and SSH keys having their niches and of course the ubiquitous usernames and passwords).

A good question is "what does this mean for the community served by the International Grid Trust Federation (IGTF)?" The IGTF currently serves as an accreditation body for the use of X.509 in most "Grid" projects. If the InCommon certificate service takes off (which I'm guessing it will), the pressure to use its certificates for those Grid projects will be strong and could potentially become the 800-pound gorilla in the room.

IGTF has done some good work defining standards for X.509 usage, and I think this is a good opportunity for them to collaborate with InCommon in bringing that work to this new service. As usual, the challenge will be getting busy people to pay attention and talk.

In the meantime, I expect translation services (which handle both technical and policy translation) to continue to play a significant role.