Microsoft, IBM and five companies that make identity management software are teaming up to support the Web Services (WS) architecture and WS-Federation standard for sharing user identities across corporate extranets and the internet.
Netegrity, Oblix, RSA Security, OpenNetwork Technologies and Ping Identity used Microsoft's Tech Ed conference in San Diego to demonstrate their products working together using the WS-Federation standard.
The companies said that backing the WS standards will encourage the adoption of web services by making it easier to move user identities between different technology infrastructures.
Introduced in July 2003, the WS-Federation specification was developed by IBM and Microsoft and is one of seven technical specifications, including WS-Security, that make up the WS architecture.
WS-Federation describes a standard technology framework for creating and authenticating user identities, then using web services to share that identity within a company, with customers or business partners.
The goal is to make it easier for users to move between different web services environments without having to manage different user names and passwords or to continually log on and log off. For example, customers might take advantage of federated identity when moving from an employee web portal offering access to a health maintenance organisation to one offering access to retirement account information.
With broad support among software companies for the WS architecture and WS-Federation standard, firms that want to deploy new web services or build web services bridges with partner companies will not have to worry about compatibility between different identity management platforms or extra integration work to get different platforms to work together and share information, said Michael Stephenson, group product manager of the Windows Server Group at Microsoft.
"Regardless of the software they use, whether it's Microsoft, Netegrity, IBM, this will allow interoperability in a seamless manner," he added.
While the integration at Tech Ed was just a demonstration, the partner companies hoped to offer more comprehensive integration of their products, based on the WS architecture, in the future.
Microsoft will modify its Windows Server product to allow user and resource identities stored in Active Directory to be shared with environments using enterprise identity management products such as Netegrity's SiteMinder and Oblix's SHAREid, he said.
RSA said that it will offer support for WS-Federation in early 2005.
Bill Bartow, vice president of engineering at Netegrity, said that his company's products already support the WS-Security specification and that Netegrity is committed to supporting WS-Federation. Oblix will support WS-Federation after the specification is approved or adopted by the industry.
The WS architecture builds on work done by other groups, including the Organisation for the Advancement of Structured Information Standards (Oasis), which created the SAML (Security Assertion Markup Language), an XML (Extensible Markup Language) framework for exchanging user authentication information, and the Liberty Alliance, which has focused on creating interoperability between SAML installations.
Working with companies such as VeriSign, RSA and SAP, IBM and Microsoft added new elements specifically focused on web services deployments, such as WS-Policy, a framework for creating and communicating policies that govern interactions in a web services environment, said Dan Blum, senior vice president and research director at The Burton Group.
The Tech Ed demonstration is a sign that web services is moving toward realisation, after years of work developing the underlying technology frameworks, Blum said.
"It's a proof of concept and a sign of progress, but there's still a lot of work left to finish the [WS] specifications and deliver the dream."
The breadth of the WS architecture and the backing of major players should help cement the WS architecture as the accepted web services standard.
"It would make more sense to combine SAML and Liberty with [the WS architecture] than to create a new web services standard," he said.
Despite a show of unity from leading suppliers, customers should not expect to see real integration between identity management platforms until the release of the next version of Windows, codenamed Longhorn, in 2006, Blum said.
In the meantime, IBM and Microsoft should turn the WS specifications over to a standards group such as Oasis or the Internet Engineering Task Force before they go too far in integrating them with their own products, or risk competing versions of the standard - one backed by leading suppliers, and the other by the standards community, he added.
Paul Roberts writes for IDG News Service