* Talking identity with IBM at Catalyst 2005
I’m going to spend the next few newsletters going over the conversations I had with the many vendors that attended the recent Catalyst conference. But before I get to that, a note about something I said last month.
In the June 20 newsletter, http://www.networkworld.com/newsletters/dir/2005/0620id1.html, I talked about the Converge conference for users of Courion’s software and ended by saying that I would let you know what I discovered at the show. A number of you have written – and almost everyone at Courion has – to ask what happened to the additional coverage. Truth is, I did write about it, but wound up publishing it in the Wired Windows column in Network World http://www.networkworld.com/columnists/2005/062705kearns.html, rather than in the newsletter. I apologize for not noting that sooner.
Another thing I had promised to do (at least, promised to IBM Identity Media Relations Wizard, Libra White) was to talk about the new Tivoli Federated Identity Manager. I had talked to the IBM identity gurus (Venkat Raghavan and Joe Anthony) at the Digital ID World show in May and somehow never got around to writing about our meeting. I did catch up with the two gurus again at Catalyst where we talked about federation and about Web services.
Tivoli Federated Identity Manager supports role-based access control (RBAC) and supports most identity protocols (Liberty, Shiboleth, SAML, WS-Federation, WS-Security and WS-Trust). This is a long awaited offspring of the IBM acquisitions of Access360 and MetaMerge, and should go a long way towards helping enterprises to:
* Simplify integration between those companies and their partners’ Web sites, including simplified session management.
* Improve business compliance by helping to reduce security exposure.
* Improve end-user experience through single sign-on.
* Expand business reach of service providers creating revenue-generating opportunities.
* Simplify administration of security in cross-enterprise business processes by delivering “security as services.”
* Deliver policy-based integrated security management for SOA Web services.
It’s a well-designed, well-implemented addition to both the Tivoli line of identity products as well as to the burgeoning list of federation servers (Ping ID, Symlabs, MaXware, Oracle and the upcoming Windows 2003 Server R2).
At Catalyst, Raghavan, Anthony and I talked about the announcement jointly made by IBM and Microsoft that more of the Web Services Initiative (the so-called WS-* specifications) would be turned over to the neutral standards body, OASIS https://www.oasis-open.org/committees/tc_cat.php?cat=ws for stewardship. WS-Trust, WS-SecureConversation, and WS-SecurityPolicy will all be given over to OASIS Technical Committees for review and approval as well as for ongoing maintenance.
This is a small, but significant, step towards getting identity exchange based on WS-* actually implemented. For some reason, WS-Federation (which has been finished for over a year) has yet to be turned over to OASIS. Anthony promised this would happen “soon,” but gave no indication of when – or why it was taking so long.
Still, the significance here goes beyond the two announcements as IBM positions itself as the bridge between the Microsoft camp (WS-*) and the rest of the world (Liberty Alliance).




