
Standards bodies work to ensure identity management interoperability

Feb 26, 2003

* Identity management news from Liberty Alliance and OASIS

It’s gratifying to see that so many organizations, standards bodies, ad-hoc committees and even single vendors are doing so much to try to ensure interoperability and nonduplication of services in the identity management field. I’ll mention two recent developments, but there are many others. Please feel free to draw my attention to any efforts along these lines that you are participating in or are aware of.

The Liberty Alliance Project recently released a white paper called “Identity Systems and Liberty Specification Version 1.1 Interoperability” (see editorial links below), in response to questions about Microsoft’s Passport technology and how it affects the Liberty specification.

Read the paper for all the details, but the bottom line is that Passport and the Liberty specification are not competing technologies. In fact, they can be complementary. SAML, the Security Assertion Markup Language, is the common denominator between the two.

Liberty is rooted in SAML, while Passport can be based on SAML (and probably will be for most users). The difference is one of focus – while the Liberty specification is concerned primarily with providers of goods and services and their ability to federate, Passport has a user-centric focus.

The paper concludes, “Liberty understands that all organizations will have multiple identity managers – public, private or proprietary – with whom it will have to coexist.” That’s the bottom line: Liberty will ensure that its specification changes to accommodate any identity management products that members of the alliance might use. That’s good news for those with a need to be early adopters of federated identity products.

From OASIS comes word that the Extensible Access Control Markup Language (XACML) technical committee has released Version 1.0 of its specification. 

The XACML group is tasked with developing an XML schema for encoding authorizations and entitlements and, as such, is quite complementary to SAML, which deals more closely with authentication. Authentication and authorization are, of course, two of the prime reasons we need solid identity management services. See how it all fits together?
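To make the division of labor concrete, here is an added illustration (written for this column, not code from Liberty, OASIS or any SAML/XACML implementation) of how an authentication assertion and an authorization policy fit together. The assertion and rule formats are simplified Python stand-ins for the real SAML and XACML XML schemas; the decision values (Permit, Deny, NotApplicable, Indeterminate) and the deny-overrides combining behaviour follow XACML's model, while the issuer URL, resource names, roles and timestamps are constructed sample data.

```python
"""Added example: authentication (SAML's job) feeding authorization (XACML's job).

Simplified stand-ins for the real XML formats; all identifiers are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set
import time


@dataclass
class AuthnAssertion:
    """SAML-style assertion: who the identity provider says the subject is."""
    issuer: str
    subject: str
    attributes: Dict[str, str]
    not_on_or_after: float  # epoch seconds; assertion is unusable at or after this

    def is_valid(self, trusted_issuers: Set[str], now: Optional[float] = None) -> bool:
        """Only assertions from a trusted issuer that have not expired count."""
        now = time.time() if now is None else now
        return self.issuer in trusted_issuers and now < self.not_on_or_after


@dataclass
class Rule:
    """XACML-style rule: an effect that applies when resource, action and all
    required subject attributes match."""
    effect: str  # "Permit" or "Deny"
    resource: str
    action: str
    required_attributes: Dict[str, str] = field(default_factory=dict)

    def matches(self, assertion: AuthnAssertion, resource: str, action: str) -> bool:
        if self.resource != resource or self.action != action:
            return False
        return all(assertion.attributes.get(k) == v
                   for k, v in self.required_attributes.items())


def evaluate(policy: List[Rule], assertion: AuthnAssertion, resource: str,
             action: str, trusted_issuers: Set[str],
             now: Optional[float] = None) -> str:
    """Deny-overrides combining: any matching Deny wins, otherwise a matching
    Permit, otherwise NotApplicable. Without a valid authentication assertion the
    authorization question cannot be answered at all, hence Indeterminate."""
    if not assertion.is_valid(trusted_issuers, now):
        return "Indeterminate"
    decision = "NotApplicable"
    for rule in policy:
        if rule.matches(assertion, resource, action):
            if rule.effect == "Deny":
                return "Deny"
            decision = "Permit"
    return decision


# Constructed sample data: one trusted identity provider and a three-rule policy.
TRUSTED_IDPS = {"https://idp.example.test"}
POLICY = [
    Rule("Permit", "/orders", "read", {"role": "customer"}),
    Rule("Permit", "/orders", "write", {"role": "clerk"}),
    Rule("Deny", "/orders", "write", {"account_status": "suspended"}),
]
FIXED_NOW = 1_000_000.0  # fixed clock so results are reproducible


def sample_assertion(role: str, status: str = "active",
                     issuer: str = "https://idp.example.test",
                     lifetime: float = 300.0) -> AuthnAssertion:
    """Build a constructed assertion for subject 'alice' with the given attributes."""
    return AuthnAssertion(issuer, "alice",
                          {"role": role, "account_status": status},
                          FIXED_NOW + lifetime)


if __name__ == "__main__":
    for role, status, action in [("customer", "active", "read"),
                                 ("clerk", "active", "write"),
                                 ("clerk", "suspended", "write"),
                                 ("customer", "active", "write")]:
        print(role, status, action, "->",
              evaluate(POLICY, sample_assertion(role, status), "/orders",
                       action, TRUSTED_IDPS, FIXED_NOW))
```

The point of the split is that the policy never inspects credentials: it trusts the assertion's attributes only after the issuer and validity window check passes, and an expired or untrusted assertion yields Indeterminate rather than a Permit or Deny, which is the safe outcome when the authentication half of the picture is missing.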

The XACML charter reads, in part: “XACML shall adopt as baseline documents the work products of the Security Services Technical Committee [the authors of SAML] including but not limited to a Domain Model and Glossary.”

There are still a few things to work out, since the Security Services Technical Committee charter also claims jurisdiction over the exchange of authorization information. The membership of the two committees overlaps considerably, though, and both committees have vowed to work closely with each other to avoid duplication of effort.

It’s this cooperative attitude on the part of specification creators that will greatly facilitate the wide acceptance of the many services that we envision for users. For too long we’ve acted as if the water pipes buried under the street were more important than the whirlpool baths and hot tubs built on top of them. To the users, the plumbing doesn’t really matter – all they care about is relaxing after a hard day. The important thing about the pipes is not whether they’re nine millimeters or twelve millimeters in diameter, but can they connect together – can they interoperate – to deliver the service that the end-user really wants. Three cheers for us.