May 11

The Intersection of Federated Identity and Web Services, Chris Ceppi (Ping ID)

Either PingID and IBM have been collaborating, or they just have the same conclusion about the ideal architecture for Federating web services. Chris' presentation and diagrams reminded me so much of what I understood in Venkat's presentation on Federated Web Services from Tuesday that either these are self-evident truths in any Federated web services deployment or there's been some collaboration. I will have to put together a picture to describe it but simply put, they both identify the Security Token Service (STS) as a distinct component in the IdM/WS architecture that translates from a local identity to a portable token that conforms to the relying party's requirements. The diagrams look almost identical (except for different icons used for the components). I'll have to see if I can corner Chris or Venkat in the next day or so to comment on that.

He also gave me my first succinct overview of WS-Trust. I still need to do a lot of reading to grok it but I at least have the gist now.

Chris' presentation had a few points that stood out:

The Rise of Identity Intermediaries (3rd parties).
This is one that has been talked about since the first DIDW that I attended in 2002 (I think, or was it 2003?). Carol Coye-Benson did a memorable presentation on how the VISA model of reconciliation would be a good one for Identity to adopt if the business agreements for transition of liability with transactions could be established. If that were the case then an Identity intermediary would be a useful, if not profitable, role in the Identity Ecosystem. I've seen the attempted emergence of Service Aggregators in the Mobile Data services industry purporting to bring access to a group of service providers to cellular access providers. In a sense they could be considered an Identity Intermediary because they would be conveying the Carrier's customer identities to the existing services with minimal integration effort. But these are low-value transactions so they are low-risk (photo downloads, Ringtones, etc) and hence not the subject of discussions like Carol's.

Federation is the right place for Claims Transformation in Web Services.
Thinking about this one after-the-fact it makes even more sense. A federation agreement between two organizations would require pre-negotiation of accepted token formats to start federating, so it logically makes sense to implement that token translation function with the Federation implementation. From what I understand the WS-* stack uses WS-Trust for this so I wonder how (and if) Liberty will do the same or can leverage WS-Trust in the same capacity.

All they need to do now is Standardize it. How long could that take?
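An added sketch, not part of the original post or of either presentation, of the STS role described above: it turns a local identity into a token shaped by each relying party's pre-negotiated agreement and refuses to issue when no agreement exists. The user record, relying-party URNs, claim names and keys are constructed, and the HMAC-signed JSON token stands in for a real token format; it is not WS-Trust message syntax.

```python
import base64, hashlib, hmac, json

# Constructed local directory entry; "badge" is in no agreement, so it is never released.
LOCAL_USERS = {"jdoe": {"uid": "jdoe", "mail": "jdoe@corp.example",
                        "dept": "finance", "badge": "B-1001"}}
# One entry per federation agreement: signing key plus local-to-partner claim mapping.
AGREEMENTS = {
    "urn:example:payroll": {"key": b"constructed-key-payroll",
                            "claims": {"mail": "EmailAddress", "dept": "Department"}},
    "urn:example:travel": {"key": b"constructed-key-travel",
                           "claims": {"uid": "Subject"}},
}

class TokenError(Exception):
    """Raised when a token cannot be issued or does not verify."""

def _sign(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def issue_token(local_user, relying_party):
    """STS side: translate a local identity into the partner's agreed claims."""
    agreement = AGREEMENTS.get(relying_party)
    if agreement is None:  # fail closed: no agreement, no token
        raise TokenError("no federation agreement with " + relying_party)
    attrs = LOCAL_USERS.get(local_user)
    if attrs is None:
        raise TokenError("unknown local identity")
    claims = {}
    for local_name, rp_name in agreement["claims"].items():
        if local_name not in attrs:
            raise TokenError("missing attribute " + local_name)
        claims[rp_name] = attrs[local_name]
    body = json.dumps({"aud": relying_party, "claims": claims}, sort_keys=True).encode()
    enc = base64.urlsafe_b64encode
    return (enc(body) + b"." + enc(_sign(agreement["key"], body))).decode()

def verify_token(token, relying_party, key):
    """Relying-party side: check the signature and audience, return the claims."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError as exc:
        raise TokenError("malformed token") from exc
    if not hmac.compare_digest(_sign(key, body), sig):
        raise TokenError("bad signature")
    payload = json.loads(body)
    if payload["aud"] != relying_party:
        raise TokenError("token was issued for a different relying party")
    return payload["claims"]
```

The audience check matters as much as the signature: a token minted for one partner must not be accepted by another, even if that partner somehow holds the right key.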