Identity “Mash-up” Federation Demo using Multiple Protocols (OpenID and WS-Federation)

[Guest blogger Mike Jones, from the Federated Identity Team]

At the last Interoperability Executive Customer (IEC) Council meeting in October 2009, there was broad agreement to involve third party software vendors to work with IEC Council members and Microsoft on specific interop scenarios brought forward by the council members.  We are pleased to report that over the last five months, the council was able to engage in very productive discussions with PayPal on an Identity Management interoperability scenario proposed by Medtronic.

Medtronic, PayPal, and Microsoft worked together to produce a multi-protocol federated identity “mash-up” demo using multiple protocols (OpenID and WS-Federation). This demo was shown at the Internet Identity Workshop and to members of the IEC Council.  The demo shows how Medtronic customers could use PayPal identities when signing up for and participating in a medical device trial.


You can view a video of the demo here.

We called it an “identity mash-up” because claims from the PayPal identity are combined with (“mashed-up” with) additional claims added by Medtronic for trial participants to create a composite Medtronic trial identity.  Medtronic creates “shadow” accounts for trial participants, but from the user’s point of view they’re always just using their PayPal account whenever they have to sign for the trial.

It’s multi-protocol because the PayPal claims are delivered to Medtronic using OpenID 2.0, whereas the claims from Medtronic are delivered to its relying parties using WS-Federation.  It’s interop because the demo uses both .NET and the Windows Identity Foundation on Windows and PHP on Linux, with interoperable identity protocols letting them seamlessly work together.

Southworks, the company that built much of the demo, has released the source code and documentation for a proof-of-concept OpenID/WS-Federation Security Token Service (STS) based on the one used in the demo, should you be interested in prototyping something similar.

We want to thank Medtronic and PayPalfor their leadership and partnership of this effort and Southworks for their professionalism, agility, and execution.  We appreciate the opportunity to work with other industry leaders both to understand and demonstrate the interoperability that’s possible with our current product offerings and to inform the planning efforts for our future identity products.”

Mike Jones, Senior Program Manager, Federated Identity Team