Microsoft, IBM, and five companies that make identity management software are teaming up to support a shared standard for online identities, which may allow online shoppers, for example, to log in once instead of repeatedly at every site.
The companies agreed to share the Web Services (WS) architecture and WS-Federation standard for sharing user identities across corporate extranets and the Internet.
Netegrity, Oblix, RSA Security, OpenNetwork Technologies, and Ping Identity are demonstrating their products working together using the WS-Federation standard at Microsoft's Tech Ed conference in San Diego this week. They say backing the WS standards will encourage the adoption of Web services by making it easier to move user identities among different technology infrastructures.
Easier for Users
Introduced in July 2003, the WS-Federation specification was developed by IBM and Microsoft and is one of seven technical specifications, including WS-Security, that make up the WS architecture. WS-Federation describes a standard technology framework for creating and authenticating user identities, then using Web services to share that identity within a company, with customers, or with business partners.
The goal is to make it easier for users to move among different Web services environments, such as e-commerce sites, without having to manage different user names and passwords and continually log on and log off. For example, customers might take advantage of federated identity when moving from an employee Web portal offering access to a health maintenance organization, and then to one offering access to retirement account information.
With broad support among software vendors for the WS architecture and WS-Federation standard, companies can deploy new Web services or bridges to partner companies without worrying about compatibility among identity management platforms, says Michael Stephenson, group product manager of Microsoft's Windows Server Group.
"Regardless of the software they use, whether it's Microsoft, Netegrity, IBM, this will allow interoperability in a seamless manner," he says.
The integration at Tech Ed is just a demonstration, but the partner companies hope to soon integrate their products more comprehensively based on the WS architecture.
Microsoft will modify Windows Server to support the new standard, Stephenson says. It will be possible to share user and resource identities stored in Active Directory with other environments that use compliant products such as Netegrity's SiteMinder and Oblix's SHAREid.
RSA says it will support WS-Federation by early 2005.
Netegrity products already support the WS-Security specification, and Netegrity will support WS-Federation, says Bill Bartow, Netegrity vice president of engineering, in a statement. Oblix will support WS-Federation after the specification is approved or adopted by the industry, according to a company statement.
The WS architecture builds on work by other groups. Contributors include the Organization for the Advancement of Structured Information Standards, which created the Security Assertion Markup Language (SAML), an XML framework for exchanging user authentication information. It also draws on work by the Liberty Alliance, which has focused on creating interoperability between SAML installations. Intel recently joined that organization.
Working with companies like VeriSign, RSA, and SAP, IBM and Microsoft added new elements specifically focused on Web services deployments, says Dan Blum, senior vice president and research director at The Burton Group.
The Tech Ed demonstration is a sign that Web services are nearing reality, after years of work developing the underlying technology frameworks, Blum adds.
"It's a proof of concept and a sign of progress, but there's still a lot of work left to finish the (WS) specifications and deliver the dream," he says.
The breadth of the WS architecture and the backing of major players should help cement the WS architecture as the accepted Web services standard.
"It would make more sense to combine SAML and Liberty with [the WS architecture] than to create a new Web services standard," Blum says.
Work Still Ahead
At least one participant in the Tech Ed demonstration sees evolution, more than conflict, shaping the development of standards for Web services.
"Its not an either-or with the Liberty Alliance and WS-Federation," says Amit Jasuja, Netegrity vice president of product management. "The standards for federation are maturing, with each subsequent release, they're converging and taking new requirements from new communities."
Despite a show of unity from leading vendors, customers shouldn't expect to see real integration between identity management platforms until the release of the next version of Windows, code-named "Longhorn," in 2006, Blum says.
In the meantime, Blum says IBM and Microsoft should turn the WS specifications over to a standards group such as OASIS or the Internet Engineering Task Force, before they go too far in integrating them with their own products. Otherwise, the vendors risk the birth of competing versions of the standard--one backed by leading vendors, and the other by the standards community, he says.