Positive developments in the world of federated identity
Yesterday, the Liberty Alliance Project announced that products from 8 organisations - the Electronics & Telecommunications Research Institute, Ericsson, Novell, Oracle, Reactivity, Sun Microsystems, Symlabs and Trustgenix - had successfully completed interoperability testing based on Liberty's Identity Web Services (ID-WSF) version 1.1 and OASIS' Security Assertion Markup Language (SAML) version 2.0 specifications. This is an important event in the world of federated identity standards.
SAML 2.0 represents the convergence of a number of federated identity standards - Liberty's Identity Federation Framework (ID-FF), SAML 1.0 and Shibboleth (an Internet2 project focussed on identity federation in the academic community) - and goes a long way to simplify the previously fragmented standards landscape, whilst ID-WSF provides a framework to enable web services-based interaction between users, service providers and identity providers and extends the reach of identity federation to business-to-business scenarios. Whilst the specifications promise interoperability, conformance testing provides organisations with the much-needed assurance that the promise has been realised (at least within the constraints of the test specification). The Liberty Alliance Project, as well as the 8 vendors, are to be applauded for demonstrating interoperability within 6 months of the ratification of the SAML 2.0 specification. It is all well and good establishing mechanisms for interoperability and conformance testing - but the value diminishes as the gap between ratification (and support by vendors) and successful testing lengthens (WS-I take note!).
Of course, as with many things standards, that's not the end of the story. Other vendors, particularly the major enterprise suppliers such as BMC, CA and IBM, need to provide customers with similar levels of comfort. A combination of customer demand and competitive positioning is likely to force the issue.
More important - and more challenging - is providing similar levels of assurance in the case of interoperability with WS-Federation, co-authored by IBM, Microsoft and VeriSign. The Burton Group's July Catalyst Conference included such demonstrations, for example from Trustgenix, but demonstrations are not enough. The growing momentum around the Kim Cameron-initiated "identity metasystem" holds much promise in this regard. Only yesterday, for example, we saw the emergence of an incubation subproject at Apache known as the Trust Services Integration Toolkit (TSIK) which is looking "to implement WS-* standards as they are developed, in particular the ones related to implementation of a federated ID protocol such as Microsoft's InfoCard, but also other federated ID protocols could be of interest, for example, Liberty Alliance, Sxip networks, Identity Commons, LID NetMesh, Passel.org."
Encouraging signs indeed.