
Novell explains federated identity

Oct 20, 2003, 3 mins
Access Control, Enterprise Applications, Web Development

* Vice president of Novell's Web apps takes on identity management

David Litwack knows Web services. The former president and CEO of SilverStream Software, and now senior vice president of Novell’s Web Application Development Products (i.e., the SilverStream products Novell acquired), likens the current trend towards Web services computing to client-server computing of an earlier era.

Litwack told consultants from the Hurwitz Group, “Client server wasn’t visionary, but it changed the world because it made use of a number of incremental evolutionary technologies, starting with the personal computer and Windows, and so forth. Web services doesn’t exist without the Internet. It doesn’t exist without HTTP or without XML or browsers. So Web services is simply the evolutionary cap piece in all this technology. But this is very much a case where the whole is greater than the sum of the parts, and the whole itself is revolutionary in the way businesses will use information.”

I think that pretty well presents the case for Web services without any of the hype that has been poured on the new technologies. Litwack is worth listening to on Web services. He recently wrote a piece for “Business Integration Journal” entitled “ID, Please: The Case for Giving Web Services an Identity,” so is he worth listening to on identity management?

The five-page article begins with four bullet points:

* As the interactions between Web services become increasingly complex, the need for trusted relationships also increases.

* Validation can be achieved by creating an identity for both users and services. Knowing the identity of the user or services and granting appropriate access becomes extremely important.

* Directory services will evolve from simple LDAP repositories used for authentication and storage to robust engines that provide identity integration, access management, and policy enforcement.

* Identity information about a Web service can be maintained in a directory, providing authentication, authorization, and single sign-on capabilities to support complex Web services interactions.

I’m not sure he encapsulates the technology correctly. He seems to invest much of the work of what we called the “identity grid” last week within the realm of the directory service (but, then, that’s what his new company does best). He gives short shrift to the upper levels of the identity stack such as the transaction/messaging layer as well as the management and presentation layers. Still, he appears spot-on concerning the business case – the absolute need for good identity management in order to properly construct useful Web services.

The article goes on to explain the benefits of federated identity (specifically, the Liberty Alliance version) along with a useful presentation of what a reasonable directory service can do in a Web services environment. All in all, it’s a very good overview of identity services aimed at the designers, producers and custodians of Web services. You can use it as an aid to explaining your own programs and initiatives or adapt some of its arguments as sales tools when presenting your plans to the budget committee. They wouldn’t turn down Web services, would they?