Skip Links

Microsoft passes its first SAML 2.0 interoperability test

SAP, Siemens also participate, pass for first time

By , Network World
September 30, 2009 01:41 PM ET

Network World - Microsoft's federated identity platform passed its first SAML 2.0 interoperability test with favorable marks, signaling the end to the vendor's standoff against the protocol.

11 security companies to watch

The eight-week, multivendor interoperability workout conducted by the Liberty Alliance and the Kantara Initiative also resulted in passing marks for two other first-time entrants – SAP and Siemens. Return testers Entrust, IBM, Novell and Ping Identity also passed. Results were announced Wednesday.

"The Liberty Interoperable testing was a great opportunity to verify that Active Directory Federation Services (AD FS) 2.0 is interoperable with others' SAML 2.0 implementations. This should give our customers confidence that their federation deployments using ADFS will 'just work,'" says Conrad Bayer, product unit manager for federated identity at Microsoft.

In the past, Microsoft has been dismissive of the Security Assertion Markup Language (SAML), a standard protocol for exchanging authentication and authorization data between and among security checkpoints, preferring the WS-Federation and other protocols it helped develop. The company previously supported the SAML token, but never the transport profiles of the protocol.

"It is significant that Microsoft participated given their previous stance on the SAML protocol," says Gerry Gebel, an analyst with the Burton Group. "For the first product version that supports SAML, they have covered the core bases."

Microsoft's interoperability testing focused on SAML's Service Provider Lite, Identity Provider Lite and eGovernment profiles. The company says it plans to support other SAML profiles based on demand.

The interoperability event featured the largest group of participants ever for the testing, which has been run twice previously. In addition, it was the first test of the eGovernment SAML 2.0 profile v1.5 developed by the United States, New Zealand and Denmark.

"The fact that we were able to put so many new implementations through a full matrix, rigorous interoperability test speaks to the maturity of the SAML 2 protocol," says Brett McDowell, executive director of the Kantara Initiative. "And it is not just implementation; there is a tremendous amount of deployments."

"Full matrix" testing means all participants must test against each other. The test was conducted over the Internet from points around the globe using real-world scenarios between service providers and identity providers as defined by the SAML 2.0 specification.

Microsoft participated in the testing with Active Directory Federation Services 2.0 (formerly code-named Geneva), which is slated to ship later this year. ADFS 2.0 is part of a larger identity platform that includes Windows Identity Foundation and Windows Cardspace.

Microsoft said earlier this year it would have SAML 2.0 certification before it released Geneva. The SAML profiles ADFS 2.0 supports cover the core features of federation.

ADFS 2.0 provides identity information and serves as a Security Token Service (STS), a transformation engine that is key to Microsoft's identity architecture. ADFS lets companies extend Active Directory to create single sign-on between local network resources and cloud services.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News