SAML tops federation projects survey

Jan 19, 2004 | 3 mins
Access Control | Enterprise Applications

* Results of Ping Identity's survey of federation projects

Last issue we looked at some of the responses that Ping Identity, sponsor of the SourceID Web site, received when it recently surveyed folks who downloaded its open-source Liberty Alliance tool kit. Ping wanted to find out more about the downloaders’ federation projects. While there weren’t many surprises in the survey results (e.g., more than 50% of the 157 respondents were with U.S. companies and almost three-fourths were from English-speaking countries), the results to questions about standards and protocols might raise an eyebrow or two.

When asked about the priority of federation protocols, it wasn’t surprising that the Liberty Alliance protocols out-polled the WS-Federation protocol (favored by IBM and Microsoft) since the respondents were specifically those who downloaded a Liberty Alliance tool kit. But even adding together those who preferred Liberty phase II with those who preferred Liberty phase I (a total of 42% of the respondents) they were still outweighed (at 49%) by those who favored Versions 1.0, 1.1 and 2.0 of the Security Assertion Markup Language (SAML).

SAML is the transport mechanism for the Liberty Alliance proposals, and one of the allowed transports for WS-Federation, but it appears that a number of projects are working directly with SAML and bypassing the “higher” layers of the two competing standards.

It might be that the projects being talked about are all early stage developments, with the SAML parts being worked on now while the developers look to see which of the two competing standards will emerge with an edge – or, perhaps, a consolidation or merger might occur with one standard being created from the two we currently have. If you think that’s a likely scenario, then it would be wise to put off any development at that upper level until the parameters of the eventual standard begin to take shape.

Another of the survey questions asked downloaders what additional protocols were “of interest” to them vis-à-vis federation. The big winner there was OASIS’ eXtensible Access Control Markup Language (XACML), with 49%, followed by Service Provisioning Markup Language (SPML) at 29%, and eXtensible Resource Identifier (XRI) with 14%. A scattering of other protocols took 8% of the responses.

XRI could be considered a competitor to Universal Description, Discovery and Integration, if UDDI had ever amounted to anything. It’s to be the output of an OASIS Technical Committee and purports to be a Uniform Resource Identifier (URI) scheme and a corresponding Uniform Resource Name (URN) namespace for distributed directory services. We’ll take a closer look at this in an upcoming newsletter.

Where XRI is involved with finding resources, XACML is all about accessing resources, or perhaps protecting resources. XACML, a language for the expression of authorization policies, should be looked at by anyone working on an SAML (a framework for exchanging authentication and authorization information) project, while XRI should be in the toolkit of those with provisioning (i.e., SPML) projects in the works. These protocols shouldn’t be developed – or developed to – in a vacuum. Without interaction among them all (and that includes Liberty and WS-Federation) it’s going to be difficult to get beyond the experimental phase and into real, working federation projects.