Search /
Advanced search  |  Help  |  Site map
Click for Layer 8! No, really, click NOW!
Networking for Small Business
How Apple's billion dollar sapphire bet will pay off
iPhone 6 rumor rollup for the week ending April 18
Arista co-founder may have switch maker by its jewels
Open source pitfalls – and how to avoid them
AT&T's expanded 1 Gbps fiber rollout could go head to head with Google
BlackBerry Releases BES 10 Security Update to Address 'Heartbleed' Flaw
Verizon: Web apps are the security punching bag of the Internet
Cisco announces security service linked with new operations centers
Dell launches virtual storage accelerator, aims to boost SAN performance
Free OS X Mavericks now powers half of all Macs
Even the most secure cloud storage may not be so secure, study finds  
3D printing will transform these five industries
Most but not all sites have fixed Heartbleed flaw
NEC launches face-recognition protection for PCs
Hundreds of medical professionals targeted in multi-state tax scam
Super-high frequencies could one day deliver your mobile video
Americans cool with lab-grown organs, but not designer babies
IT Departments Not Losing Ground to Managed Service Providers (Yet)
Where's my gigabit Internet, anyway?
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards

Federation key to Web services

Related linksToday's breaking news
Send to a friendFeedback

Kobielus archive

Heterogeneity rules in network security environments. In the stubbornly multiorganizational, multidomain and multivendor world of Web services, the political concept of "federation" takes on new meaning. Federation describes scenarios in which no one group or organization manages all users and resources in a distributed application environment. Instead, administrators in diverse domains must manage local security policies that support mutually beneficial transactions among their respective spheres of operation.

The term federation derives from the Latin word for trust. In the world of distributed network services, the term refers to the need for trust agreements among decentralized security and policy domains. Federation lets access-management functions span diverse organizations, business units, sites, platforms, products and applications. Federation requires that an organization trust each trading partner to authenticate its own users' identities. In a federated environment, a user can log on to his home domain and access resources transparently in external domains, such as those managed by customers or suppliers, subject to various policies defined by home and external administrators.

You increasingly will see the term federation used with a new security standard, the XML-based Security Assertions Markup Language (SAML) 1.0, which is nearing ratification by the Organization for the Advancement of Structured Information Standards (OASIS). Web access-management vendors such as IBM/Tivoli, RSA Security/Securant, Netegrity, Oblix, Entegrity, Entrust Technologies and Sun/iPlanet have rallied around SAML 1.0 as a means for establishing standards-based interoperability among their products. As these vendors sell their wares into corporations large and small, SAML-based federation will be critical to knitting organizations' diverse access-management environments into unified business-to-business supply chains.

So what precisely is SAML 1.0? At its heart, the standard defines XML/Simple Object Access Protocol-based protocol interactions that support real-time authentication and authorization across federated Web services environments. The standard defines request and response messages that security domains use to exchange authentication, attribute and authorization information in the form of trust-assertion messages about named users and resources. Users log on to their home domains through authentication techniques such as ID/password or Kerberos, and this authentication is communicated to a federated destination site through a SAML authentication assertion.

In coming months, SAML-based products will be promoted so aggressively that we'll have to remind ourselves of the standard's immaturity, limited commercial availability and functional constraints. For starters, SAML 1.0 is not yet a ratified OASIS standard and won't likely attain that status until mid- to late summer. In addition, there are few SAML-enabled Web access-management products on the market, though standards-compliant products will become increasingly available over the coming year.

But an even more pressing concern is the need for SAML deployment guidelines. Web access-management vendors will need to help users implement SAML federation profiles without getting lost in the sundry technical options that the standard allows - or doesn't address at all.

During the next several months, Web access-management vendors will address interoperability issues among their SAML 1.0 implementations. If all goes well with initial interoperability testing, expect to see some commercial SAML 1.0-enabled products this year. But it may take several years before SAML-based products mature to the point where users can implement federated single sign-on and authorization scenarios without having to write excessive amounts of custom code to bridge divergent vendor implementations of the core standard.

In any event, we can't afford to ignore SAML. Federation is no fad, and SAML will become a key standard for bridging security domains across Web services environments.


Kobielus is an Alexandria, Va.-based analyst with The Burton Group, an IT advisory service that provides in-depth technology analysis for network planners. He can be reached at (703) 924-6224 or

More info on the protocol.

Baltimore Tech first to add SAML
Network World, 4/29/02.

Error 404--Not Found

Error 404--Not Found

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.