
Liberty Alliance vs. WS-Federation: Should we care?

Nov 03, 2003 | 3 mins
Access Control, Enterprise Applications

* Who is clamoring for a single federated identity specification?

At the recent Digital ID World conference, the Liberty Alliance trotted out a white paper, which the group believed marked a milestone or turning point in the evolution of federated identity services. The paper, “Liberty Alliance & WS-Federation: A Comparative Overview,” was supposedly in response to the clamoring of the business world for a single public specification for federated identity implementations. But who’s doing the clamoring?

The general press (newspapers and news magazines) has nibbled at the edge of the supposed “competition” for a standard but the only other voices raised appear to be those with a vested interest in having a particular standard emerge “victorious.”

Standards aren’t chosen in one-on-one battles by poll or ballot, though. Standards usage emerges based on the needs of the users (both software developers and those implementing the software) as well as the perceived value of the standard.

Twenty years ago, we were told that Token Ring (followed by FDDI) was the “best” technology for wiring a network and that Ethernet was passé. Later we were told that ATM to the desktop would supplant Ethernet. But most wired networks are still using Ethernet; Token Ring, FDDI and ATM are rarely mentioned in discussions of wiring schemes. It was only those with a vested interest who were “clamoring,” while the actual users and implementers voted with their pocketbooks for what they perceived as the best value.

Most of the people “clamoring” for a single standard today are representatives of members of the Liberty Alliance – hardly unbiased observers. Not altogether surprisingly, we see neither Microsoft nor IBM – the two biggest powers behind the Web Services Initiative (WSI) of which WS-Federation is but a small part – “clamoring” for a single standard. They both know that delivering a protocol or specification that works and is perceived to provide value is much more likely to lead to a “win” (however that might be judged) than press releases and public “clamoring.”

There is, also, a third identity federation specification – Shibboleth from the Internet2 community. We haven’t heard from the Liberty folks as to how Shibboleth compares with their project but that’s probably only because the “Wall Street Journal” hasn’t discovered it yet.

I like the Liberty Alliance specification. It’s got both a business and a technical focus, something lacking in many networking standards and specs (including much of the WSI work). I just wish the folks in charge would spend more time talking up its good points and the general need for identity federation than wasting effort belittling someone else’s work. Identity management as a concept still hasn’t penetrated to the boardroom of most organizations. Identity management, not a particular implementation, is what Liberty should be selling.

There’s something else about this white paper that rubs me the wrong way, so come back next time and I’ll bend your ear about that.