A specification, by IBM and Microsoft, for standardizing the way companies share user and machine identities among disparate authentication and authorization systems spread across corporate boundaries. RSA Security, BEA Systems and VeriSign helped the two vendors develop the specification.
WS-Federation is part of an overall effort by IBM and Microsoft to build a Web services security framework, or WS-Security.
WS-Federation has three functional parts, including the Web Services Federation Language, which defines how different security realms broker identities, user attributes and authentication between Web services. The specification also includes Passive Requestor Profile, which describes how federation helps provide identity services to HTTP 1.1-based Web browsers, Web-enabled cell phones and devices; and Active Requestor Profile, which does the same for applications based on Simple Object Access Protocol and other smart clients.
According to the specification, the specific goals of WS-Federation are: "Enable appropriate sharing of identity, authentication, and authorization data using different or like mechanisms; Brokering of trust and security token exchange; Local identities are not required at target services;Optional hiding of identity information and other attributes."
Additional resourcesThe WS-Federation specification
Federation of Identities in a Web Services
IBM/Microsoft white paper that discusses the issues behind federation. In PDF.
Web Services research center
Latest Web services news and analysis from Network World Fusion.
Add a comment