Microsoft to test interoperability of identity protocol

Microsoft next month for the first time will participate in SAML 2.0 interoperability testing using its Geneva platform to test against other vendors' implementations of the open standard identity protocol.

Microsoft will enter the testing, which has been sponsored by the Liberty Alliance since 2003, with the Beta 2 version of Geneva released last month.

At that time, Microsoft said it would add certification for the Liberty Alliance implementation of SAML 2.0 when the final code of Geneva is released at the end of 2009. Microsoft has had support for the SAML token format as part of its Identity MetaSystem, which is the foundation of the Geneva project, but not SAML's transport protocol.

The company for many years ignored the SAML protocol, but clearly it no longer holds that position.

"We welcome Microsoft's participation in the upcoming SAML 2.0 testing event," says Roger Sullivan, president of the Liberty Alliance and vice president of Oracle identity management. "The Liberty Interoperable program is trusted by businesses and governments worldwide for proving products from multiple vendors can interoperate in rigorous real-world deployment scenarios. Microsoft joins a continuously growing list of vendors participating in the Liberty Interoperable program with the goal of testing products and solutions for true SAML 2.0 interoperability."

The Liberty Alliance testing, conducted by the Drummond Group, will take place July 14 to Sept. 4. Participants pay $15,000 per product to take part.

Microsoft told the Liberty Alliance that it would seek certification for SAML's Service Provider (SP) Lite, Identity Provider (IdP) Lite and eGov profiles. The SP Lite and IdP Lite profiles are typically included in testing by vendors because the profiles are the ones most actively used by companies federating identities.

Microsoft specifically asked Liberty to publicize its entry into the testing in hopes of attracting as many other vendors as possible. The previous round of testing was done with CA, NTT Software, Ping Identity, RSA and Ubisecure. The results of the tests can be found here.       

The Liberty Alliance SAML 2.0 interoperability program and other independent implementation tests have proven useful for weeding out problems with implementations of the SAML specification. Last year, research testing uncovered a flaw in Google's implementation of SAML 2.0 in Google Apps, an error that the company later fixed.

The upcoming SAML 2.0 interoperability test is the third one put on by the Drummond Group, and the first to test against the new eGovernment SAML 2.0 profile recently released by Liberty Alliance.

The testing will be "full matrix," meaning all participants must test against each other. The test is conducted over the Internet from points around the globe using real-world scenarios between service providers and identity providers as defined by SAML 2.0.

Results will be released in the fall.

According to the testing documentation, participants must pass a series of comprehensive interoperability conformance tests. Each test series involves different implementations occupying each of the several roles necessary to complete an operation.
"In order to achieve the interoperability certification for a single role/profile, an implementation must complete the test sequence with all other complementary implementations participating in the event," the documentation says.