Brett McDowell told us he thinks there are some similarities between the Danish call for SAML support and the recent decision by Massachusetts to standardize on the non-Microsoft OpenDocument Format.
He said that Microsoft’s decision to support its own WS-Federation spec, but not SAML, in the latest release of Windows Server 2003, will lead to more governments demanding that Microsoft support the OASIS-backed specs.
Denmark’s view is that basing e-government on privately controlled specifications that may stifle innovation is not desirable from the Danish point of view, according a new report from Interoperable Delivery of European eGovernment Services, IDABC, a European Union program.
It’s very important to be able to point to this as a reference… to show the pent-up demand for a standard in this space, McDowell said. I expect to see a lot more of this.
Denmark standardized on SAML exactly a year ago. Other national governments to support the spec include Norway, Finland, Austria and France, as well as some agencies of the US government.
SAML, for security assertions markup language, sets out ways to communicate security statements between separate access control systems, enabling federated identity and simplifying cross-domain single sign-on.
Liberty, which contributed some earlier separate specs to the SAML initiative and has wholly embraced SAML 2.0, has been pushing Microsoft to back SAML for years, but Microsoft is more interesting in WS-Federation, built in conjunction with IBM.
There have been demonstrations for about a year of interoperability between software that implement the two specs, notably at the Burton Group conference last July, but they have required a layer of translation between the two.
Sticking translation in the middle is not an ideal situation, it’s expensive for everyone and is not as effective, McDowell said.
He said that as more and more federated identity systems are rolled out — he thinks the internet is on the cusp of an identity revolution — it will become important for Microsoft to meet the demands of users such as the Danish government.
No one company can afford to sit back on their market share, he said.
A Microsoft executive indicated at the Digital ID conference in San Francisco a year ago that developing federation specs in the open, where any company can participate may not meet our technical objectives as a vendor.
While some supporters of SAML have observed a similarity between this situation and the debate in Massachusetts, where the state government standardized on ODF, despite the fact that Microsoft Office does not support it, McDowell acknowledged there are differences.
Federated identity is in its very early stages, whereas Microsoft has enjoyed many years of having its proprietary Office formats used as de facto standards, he noted.
Hoping to nip this dissent off in the bud, Microsoft’s response in Massachusetts was to lobby the state for reconsideration, and to eventually submit its own XML office document formats to the Ecma standards body for ratification.