- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
Last issue we looked at some of the responses that Ping Identity, sponsor of the SourceID Web site, received when it recently surveyed folks who downloaded its open-source Liberty Alliance tool kit. Ping wanted to find out more about the downloaders' federation projects. While there weren't many surprises in the survey results (e.g., more than 50% of the 157 respondents were with U.S. companies and almost three-fourths were from English-speaking countries), the results to questions about standards and protocols might raise an eyebrow or two.
When asked about the priority of federation protocols, it wasn't surprising that the Liberty Alliance protocols out-polled the WS-Federation protocol (favored by IBM and Microsoft) since the respondents were specifically those who downloaded a Liberty Alliance tool kit. But even adding together those who preferred Liberty phase II with those who preferred Liberty phase I (a total of 42% of the respondents) they were still outweighed (at 49%) by those who favored Versions 1.0, 1.1 and 2.0 of the Security Assertion Markup Language (SAML).
SAML is the transport mechanism for the Liberty Alliance proposals, and one of the allowed transports for WS-Federation, but it appears that a number of projects are working directly with SAML and by-passing the "higher" layers of the two competing standards.
It might be that the projects being talked about are all early stage developments, with the SAML parts being worked on now while the developers look to see which of the two competing standards will emerge with an edge - or, perhaps, a consolidation or merger might occur with one standard being created from the two we currently have. If you think that's a likely scenario, then it would be wise to put off any development at that upper level until the parameters of the eventual standard begin to take shape.
Another of the survey questions asked downloaders what additional protocols were "of interest" to them vis-à-vis federation. The big winner there was OASIS' eXtensible Access Control Markup Language (XACML), with 49%, followed by Service Provisioning Markup Language (SPML) at 29%, and eXtensible Resource Identifier (XRI) with 14%. A scattering of other protocols took 8% of the responses.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment