More positive interoperability news from Liberty
About a year ago, the Liberty Alliance announced the successful completion of SAML 2.0 interoperability testing by 8 organisations. I
commented at the time that this was "ecouraging news". I was remiss in my blogging and didn't pick up on the addition of 4 more to the
list in November - IBM, NEC, NTT and RSA Security (now EMC of course!). I am trying to make amends now: yesterday Liberty
announced another 4 (well sort of) - Entrust, HP, Oracle and Ping Identity. Why only sort of? Oracle was in the original 8, so this appears to be a recertification of the latest release of Oracle Identity Management 10g, and HP is presumably there as a result of
the November acquisition of Trustgenix, which also featured in last year's press release.
Don't get me wrong. The double counting shouldn't detract from the fact that this is good news. The assurance that is provided by this testing - federation is about interoperability after all - is very important for potential adopters. It would be good so see the other leading enterprise identity management players (BMC and CA where are you?) joining the party. And there is, as I said last year, still the small matter of providing similar levels of assurance when it comes to the other major federation standard:
More importantly - and more challenging - is the providing similar levels of assurance in the case of interoperability with the WS-Federation, co-authored by IBM, Microsoft and VeriSign. The Burton Group's July Catalyst Conference included such demonstrations, for example from Trustgenix, but demonstrations are not enough. plus, of course, all the work going on in the world of user-centric identity (some of which is discussed
here).
Assurance will certainly help with adoption but I think
Roger Sullivan, Vice President of Business Development for Oracle Identity Management and Vice President of the Liberty Alliance, put it rather well
here:
“We do need enterprise Service Providers to begin to deploy these Identity Provider services more rapidly.” I mean that the financial institutions, government agencies, etc. should be doing the deploying of the 75 solutions that the vendors have created.So, the technology exists to solve this business problem. The question remains: Who will take my money to manage this for me securely?The promise of increased convenience, security, privacy etc for individuals will only materialise if these interoperable solutions, be they of the Liberty, WS-*,
Yadis,
DIX variety, are actually implemented. Without that, interoperability testing means very little!
