The last word on federated provisioning...for now

* Readers offer more information on federated provisioning

I'd thought we'd probably had the last word on federated provisioning, but a couple of old friends (and regular readers) had some more information which they've allowed me to share with you.

First up is Sun’s Pat Patterson (he’s a “Principal Engineer”), better known as the keeper of the “Planet Identity” blog. Pat noted in a comment to the "Federated provisioning could exist" issue in which I indicated a lack of interaction between SAML and XACML by pointing to his own blog entry “XACML and SAML - a Match Made in... 2005”. Pat notes that “Four years ago, OASIS defined the interaction between XACML and SAML in SAML 2.0 profile of XACML v2.0, part of the XACML 2.0 specification set. Since then, SAML/XACML has been implemented in a range of products, including Sun OpenSSO Enterprise, with interoperability between seven vendors' products demonstrated at the OASIS XACML Interop Demo (held at the RSA Conference, April 2008).”

I bow to his superior knowledge.

I also heard from Ping Identity’s Patrick Harding who noted that he’d written a white paper about what he calls “…the synergies of Identity Federation and User Provisioning.” You can read the paper for yourself, but I’ll just quote the summary:

“This paper provides a background of federation and provisioning concepts, functional operations, and standards. A complex provisioning use case is presented to demonstrate the potential combination of SPML and SAML in a federated environment. While many technical options exist to solve a federated provisioning use case, this paper discusses several factors that present just-in-time SAML-based provisioning as a feasible starting point.

This paper is targeted towards human resource, application, identity, or operations teams responsible for user provisioning or identity federation.

Secure Internet single sign-on (SSO) via identity federation and provisioning are two important models for identity management within and across enterprises—both becoming more and more relevant to enterprises as business processes extend beyond the enterprise boundary. This paper reviews the different standards used to support secure Internet SSO including:


* WS-Federation


Then federation and provisioning models are reviewed. Finally it concludes with a conversation regarding federated provisioning at work and implementation considerations.”

I have read it and it presents a number of interesting scenarios which can be solved through the application of federation technology and provisioning services.

Now I think we’ve heard the last word on federated provisioning for a while!

Upcoming Events: Speaking of Provisioning, my friends at Courion have a Webinar coming up (March 18, 1 PM EST) which you might be interested in. It’s called “Delivering Access Assurance for Your Business,” and will be hosted by Chris Sullivan, Courion vice president of customer solutions. According to Sullivan, you should attend this Webinar to learn the key steps required to automate and integrate your organization’s access governance, provisioning, and compliance processes. Register here.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

IT Salary Survey 2021: The results are in