- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - A protocol developed by IBM and Microsoft for standardizing the sharing of user identities between companies was turned over to a standards body on Wednesday amid controversy that it overlaps with similar protocols already recognized as standards.
The Organization for the Advancement of Structured Information Standards (OASIS) says it has created a committee to guide Web Services Federation Language (WS-Federation) version 1.1 through the standards process.
The protocol, one of many in the WS-* stack of security protocols, lets companies share identities and security tokens. IBM and Microsoft developed WS-Federation in 2002 along with a number of other proprietary Web Services protocols using the “WS” naming convention. Many, such as WS-Trust, has been turned over to standards bodies, but others, such as WS-Transfer have not.
The WS-Federation specification has dependencies on both those protocols in order to function properly.
Critics of the move to standardize WS-Federation say the protocol overlaps work already done by OASIS as part of the Security Assertion Markup Language (SAML) 2.0 specification, most notably browser-based federation as part of WS-Federation’s Passive Requestor Profile. SAML 2.0 was standardized by OASIS in 2005.
Those same critics also are concerned with WS-Federation’s dependency on protocols such as WS-Transfer that are not yet standards.
“With the proposed scope, it would appear that the inevitable result can only be unfortunate duplication of existing SAML 2.0 functionality, with the consequent complexity and cost eventually assumed by technology customers,” Paul Madsen of NTT's Information Sharing Platform Laboratory wrote in a comment to OASIS on the formation of the WS-Federation technical committee.
“There is some redundancy and overlap at this point that we think is a bit confusing to the marketplace and we would like to see that more clearly defined in the work of this new OASIS technical committee,” says Gerry Gebel, an analyst with the Burton Group. “They have the opportunity to address this issue because OASIS is the home of SAML. We have seen previously where SAML 1.x and Shibboleth and Liberty Alliance ID-FF came together under that umbrella.”