Federation is the dominant trend in identity management. But many users still aren't sure what federated ID management is, how it can benefit them or how they can implement it as part of the evolving new data center architecture.
Federated ID management is a product of the modern world of distributed network services: it refers to establishing trust relationships among decentralized security and policy domains. In a federated ID environment, a layer of abstraction is implemented over legacy identity and security domains. Using standardized methods, each domain can share its local identity and security information while retaining its own internal directory, metadirectory, account provisioning and public-key infrastructure services.
Many IT professionals have heard of federated ID initiatives such as the Security Assertion Markup Language (SAML), Liberty Alliance and WS-Federation, but aren't clear on whether, how and to what extent these specifications overlap or complement one another. They wonder whether the technology is ready to use in their new data center architectures. Rest assured, federated ID deployment is growing rapidly, delivering solid benefits for pioneers even as standards makers work to ease the way toward tomorrow's implementations.
The primary federated ID standards vying for a place in your infrastructure are SAML 1.1, Liberty Alliance Identity Federation Framework 1.2 (ID-FF) and Identity Web Services Framework 1.0 (ID-WSF), and WS-Federation 1.0.
Implementing a custom-built federated ID environment is also possible, but such interfaces aren't easily extensible to new partners and applications. That's what one multinational financial services firm found when it built a federated business-to-business ID environment using a proprietary approach. The firm's federated ID environment, built three years ago, lets employees log on to an internal employee portal and, through that site, access partner Web sites on a single sign-on (SSO) basis.

"With [the emergence of] SAML, we've gotten pushback from external partners because our federation approach is proprietary. That has spurred us to implement SAML, which has come up as a top priority," says a project leader for Web services security at the firm who asked not to be named.