Last issue, we talked about the Liberty Alliance's recent conformance testing results and I promised you a look at a more all-encompassing group of interoperability tests. These tests were done under the auspices of Organization for the Advancement of Structured Information Standards, the foremost proponent of XML as the lingua franca of business data exchanges, including those in the identity management arena.
At last week's XML 2003 conference in Philadelphia, OASIS and its members collaborated on separate interoperability demonstrations of five different OASIS Standards and specifications: Electronic Business XML (ebXML), Security Assertions Markup Language (SAML), Universal Business Language (UBL), Web Services Reliability (WS-Reliability), and Extensible Access Control Markup Language (XACML).
All five specs involve identity management to a greater or lesser extent. SAML, of course, is the underlying mechanism used by the various federated identity schemes, one of which - WS-Federation - also encompasses WS-Reliability.
XACML is a language that describes a namespace for the expression of authorization policies in XML. UBL and ebXML are more generalized business-to-business languages (ebXML is actually a family of protocols) which could be seen to be an outgrowth of and an extension to the older Electronic Data Interchange (EDI) formats x11 and EDIFACT. Identity, authentication and authorization have parts to play in all of these.
You can read all of the details at BusinessWire (link below), but I'll outline the highlights here.
There were actually four demos presented (one covered multiple protocols):
* Interoperability Using Test Frameworks - ebXML in a Supply-Chain environment.
* WS-Reliability - A demonstration of guaranteed message delivery involving Fujitsu, Hitachi, NEC, Oracle and Sun.
* Epidemic Management Using OASIS ebXML, UBL and XACML - A real-world test of disseminating information about a health problem.
* Web Services for Remote Portlets - Reuse of "mini-portals" and gadgets (so-called "portlets") for multiple sites.
The WS-Reliability demo should be of interest to you as it is part of the infrastructure necessary for WS-Federation. The presentation demonstrated the ability of the companies involved to deliver a message, guarantee no duplicate messages and order messages as part of a transaction while all sorts of nasty things (outages, re-routings, etc.) were occurring on the network.
The Epidemic Management demo should also be of interest since authentication and authorization are extremely important to medical information, which must be gathered, analyzed and disseminated quickly, yet authoritatively, while still protecting patients' privacy.
Read about the demos yourself, contact the companies that were involved for further information about those areas of most interest to you, and be prepared for some exciting times in the near future as all of the work on standards and protocols comes to fruition in actual, working products.
We're taking a break for the holidays, so there'll be no newsletters for the next two weeks but right after the first of the year I'll be back with a look at what's been accomplished in the world of identity management 2003 and a preview of what to expect in 2004. Happy holidays!