Liberty said Wednesday its specifications have been developed in response to customer needs, based on Security Assertion Markup Language (SAML), and that they are capable of spanning multiple assertion types and transmission layers.

Representatives for the organization spoke after IBM and Microsoft spent Wednesday morning evangelizing for WS-Federation, the latest milestone in the companies’ WS- roadmap for secure, reliable web services messaging and identity.

IBM and Microsoft demonstrated interoperability of WS-Federation at the Burton Group’s Catalyst Conference in San Francisco, California.

The demonstration illustrated the potential for PC and browser-based users to securely access ordering and supply data held in different systems with single sign-in via WS-Federation.

WS-Federation uses XML to describe how security features, such as encrypted identity, flow through multiple systems and is also capable of defining attributes and pseudonyms for individual users. The latter allows a so-called identity provider to keep an end-user’s actual identity anonymous by providing a covering identity.

WS-Federation is part of a Microsoft and IBM roadmap that includes WS-Security, WS-Trust, WS-Reliable Messaging, WS-Transaction, WS-Co-ordination and WS-Policy. The companies have developed specifications, some of which still await submission to standards groups, with partners like Verisign Inc.

Microsoft said the framework-based nature of the WS- architecture means a customer could remove WS-Security or WS-Reliable Messaging from a system, for example, yet WS-Federation would continue to work because the message is parsed in XML.

Commenting on delivery of WS-Federation, Microsoft XML architect John Shewchuck told Catalyst delegates the companies had completed all the major pieces to build secure, reliable communications for federated identity-based systems.

He said the WS- specifications provide flexibility because they will work with customers’ existing security assertions including SAML, Kerberos, X509, XRML, custom tokens, passwords and user names.

Liberty, he pointed out, is based only on SAML. The WS- specifications also use multiple transport mechanisms, while Liberty uses Simple Object Access Protocol (SOAP).

As such, Microsoft and IBM believe Liberty is a single solution that should become an application leveraging the WS- roadmap, while the WS- technologies utilize Liberty’s work on business and user requirements.

Countering Microsoft, though, Liberty pointed out that while it is based on SAML, SAML assertions can be written either by Liberty, customers or ISVs themselves that support existing security mechanisms such as Kerberos, PKI and passwords.

Additionally, Liberty said there are no restrictions in its architecture that prevent the use of SMTP or any other transport mechanisms beyond the currently supported SOAP.

“We provide a modular and extensible architecture,” said Liberty Alliance board member Larry Abrahams.

He added that Liberty’s specifications were developed in response to the demands of customers – a strong constituency in Liberty’s membership – to help ensure vendors who adopt the specifications are able to interoperate with each other.

Shewchuck had called it interesting that customers had, via Liberty, chosen to build infrastructure when IBM and Microsoft offer infrastructure. “There’s solid infrastructure to be had elsewhere,” Shewchuck told ComputerWire after the interoperability demonstration.

“The whole point of Liberty is protocol and standards interoperability. It will let companies choose from vendors [products] with a greater degree of certainty that the specifications interoperate,” Abrahams said.

Source: Computerwire