Microsoft, IBM and five companies that make identity
management software are teaming to support the Web Services (WS)
architecture and WS-Federation standard for sharing user identities
across corporate extranets and the internet.
Netegrity, Oblix, RSA Security, OpenNetwork Technologies and
Ping Identity used Microsoft's Tech Ed conference in San Diego to
demonstrate their products working together using the WS-Federation
standard.
The companies said that backing the WS standards will encourage
the adoption of web services by making it easier to move user
identities between different technology infrastructures.
Introduced in July 2003, the WS-Federation specification was
developed by IBM and Microsoft and is one of seven technical
specifications, including WS-Security, that make up the WS
architecture.
WS-Federation describes a standard technology framework for
creating and authenticating user identities, then using web
services to share that identity within a company, with customers or
business partners.
The goal is to make it easier for users to move between
different web services environments without having to manage
different user names and passwords or to continually log on and log
off. For example, customers might take advantage of federated
identity when moving between an employee web portal offering access to
a health maintenance organisation and one offering access to
retirement account information.
With broad support among software companies for the WS
architecture and WS-Federation standard, firms that want to deploy
new web services or build web services bridges with partner
companies will not have to worry about compatibility between
different identity management platforms or extra integration work
to get different platforms to work together and share information,
said Michael Stephenson, group product manager of the Windows
Server Group at Microsoft.
"Regardless of the software they use, whether it's Microsoft,
Netegrity, IBM, this will allow interoperability in a seamless
manner," he added.
While the integration at Tech Ed was just a demonstration, the
partner companies hoped to offer more comprehensive integration of
their products, based on the WS architecture, in the future.
Microsoft will modify its Windows Server product to allow user
and resource identities stored in Active Directory to be shared
with environments using enterprise identity management products
such as Netegrity's SiteMinder and Oblix's SHAREid, he said.
RSA said that it will offer support for WS-Federation in early
2005.
Bill Bartow, vice president of engineering at Netegrity, said
that his company's products already support the WS-Security
specification and that Netegrity is committed to supporting
WS-Federation. Oblix will support WS-Federation after the
specification is approved or adopted by the industry.
The WS architecture builds on work done by other groups,
including the Organisation for the Advancement of Structured
Information Standards (Oasis), which created the SAML (Security
Assertion Markup Language), an XML (Extensible Markup Language)
framework for exchanging user authentication information, and the
Liberty Alliance, which has focused on creating interoperability
between SAML installations.
Working with companies such as VeriSign, RSA and SAP, IBM and
Microsoft added new elements specifically focused on web services
deployments, such as WS-Policy, a framework for creating and
communicating policies that govern interactions in a web services
environment, said Dan Blum, senior vice president and research
director at The Burton Group.
The Tech Ed demonstration is a sign that web services is moving
toward realisation, after years of work developing the underlying
technology frameworks, Blum said.
"It's a proof of concept and a sign of progress, but there's
still a lot of work left to finish the [WS] specifications and
deliver the dream."
The breadth of the WS architecture and the backing of major
players should help cement the WS architecture as the accepted web
services standard.
"It would make more sense to combine SAML and Liberty with [the
WS architecture] than to create a new web services standard," he
said.
Despite a show of unity from leading suppliers, customers should
not expect to see real integration between identity management
platforms until the release of the next version of Windows,
codenamed Longhorn, in 2006, Blum said.
In the meantime, IBM and Microsoft should turn the WS
specifications over to a standards group such as Oasis or the
Internet Engineering Task Force, before they go too far in
integrating it with their own products, or risk competing versions
of the standard - one backed by leading suppliers, and the other by
the standards community, he added.
Paul Roberts writes for IDG News
Service