A paper to make sense of federation protocols

Opinion
Sep 14, 20052 mins

* An identity federation primer

SAML, ID-FF, ID-WSF, WS-Fed – if these abbreviations, acronyms and the general alphabet soup surrounding identity federation leaves you begging for a primer, your prayer has been answered. HP’s Jason Rouault has written a paper, “Making sense of the federation protocol landscape” which is available in HTML and PDF formats.

Rouault certainly knows what he’s talking about. Described by HP as a “distinguished technologist,” Rouault leads the Office of Technology for the Identity and Security Management business of HP OpenView. He’s responsible for the security strategy, architecture, and planning of OpenView and its identity management services (all ID products at HP are under the OpenView aegis).

In addition, Rouault represents HP in the Liberty Alliance Project. Within the Liberty Alliance, Rouault has served as chair of the Technology Expert Group and as editor of its specifications. Like I said, he knows whereof he speaks.

While the paper does contain HP marketing material (the last 4 pages) the rest is relatively unbiased. Either stop reading after 10 pages, or consider the HP information as the “advertising” which is paying for the content. And it is good content.

He opens with a very good definition of federation: “Federation is the combination of business and technology practices to enable identities to span systems, networks, and domains in a secure and trustworthy fashion. This is analogous to how passports are used to assert our identity as we travel between countries. An important thing to note is that these domains may exist both within and between enterprises. The main purpose of federation is to share identity information across heterogeneous systems and identity platforms.”

Rouault then goes on to give concrete and illustrated examples followed by a closer look at some of the protocols and conventions used in federation: Security Assertion Markup Language (SAML), Liberty ID-FF, Shibboleth, WS-Federation and Liberty ID-WSF. He concludes with a note on convergence of the standards and a look at where they are headed, a “future view” of protocols in general and a deployment timeline that could be useful as you begin to look at long-term federation projects.

There’s little doubt that federation is the wave of the future. True, we’ve been saying that for a number of years, but I do think we can now see that future. If you’re unsure about any parts of it, this paper should help.