Boeing lets single sign-on project fly

SAN FRANCISCO - Boeing last week made public the first phase of a standards-based identity management project that could serve as an industry model for integrating single sign-on access controls across business partners' networks.

At the Burton Group Catalyst conference, the airplane maker unveiled the deployment of a project with Southwest Airlines that provides the carrier's mechanics access to electronic repair manuals on Boeing's internal networks based on the mechanics' regular logon to Southwest's network.

Boeing described the deployment as the beginning of a "seamless business Web" that will simplify business-to-business relationships and validate the integration power of Web services.

The seamless relationship means that Southwest employees need only their single corporate logon to access data they need from their employer network and from corporate-partner Boeing.

And it provides Boeing with a centralized, scalable, extensible and secure standards-based mechanism it can reuse among business partners to control Web-based access to its internal applications and data.

The deployment is significant not only for the efficiencies and cost savings it provides, but because it is the marquee rollout of a single sign-on system that's based on the Security Assertion Markup Language (SAML), an XML-based standard protocol for exchanging user authentication and authorization data across corporate systems.

SAML was developed by the Organization for the Advancement of Structured Information Standards (OASIS) and has gained favor mostly through support in Web access management products and the Liberty Alliance, a consortium developing a federated identity framework. OASIS says it hopes to make available on its Web site details of Boeing's SAML deployment as a reference architecture.

"If we can deliver services to our customers that they can integrate into their environments then we become indispensable," says Mike Beach, associate technical fellow for security and directory services at Boeing. "We think SAML is huge."

How they do it

Boeing uses SAML to streamline access to its MyBoeingFleet Web portal, which provides customers access to data required to operate and maintain Boeing aircraft. Single sign-on lets Boeing make the data directly available in a maintenance hangar without having to provide and maintain a set of user credentials for Southwest employees. Southwest mechanics use notebook computers to display electronic manuals right at their work sites.

Using customized Web access management software from Oblix, Boeing created a single sign-on environment that supports thousands of users at Southwest. The airline operates 350 Boeing 737s in 58 cities.

The mechanics access the Southwest site using their corporate logon. In the background, the user is passed a Southwest SAML-enabled encrypted cookie. From a portal application, the users can see their daily work responsibilities, including which airplanes they are assigned to repair and links to the manuals they will need.