Microsoft will stick by the WS-Federation protocol for identity federation. The WS-Federation specification defines mechanisms that allow different security realms to federate by establishing and brokering trust in identities, attributes, and authentication between participating Web services, a concept that includes single sign-on (SSO) across several different Web portals and secure transfers of data between partnered businesses.
Don Schmidt, senior program manager for Microsoft's Identity and Access group, gave a session on ADFS (Active Directory Federation Services), Microsoft's software for federated identity, at Microsoft's IT Forum 2005 in Barcelona. Microsoft has backed the WS-Federation protocols for the next generation of message-based applications because they offer a full suite of security, message, and transaction protocols. The company's stance is not about which protocol set is necessarily better but rather which offers wider flexibility in accommodating federated identity, he said.
The WS-Federation protocols compete with the SAML (Security Assertion Markup Language) 2.0 specification, which so far has a strong footing in the race to create secured identity federation across organizations. SAML 2.0 is backed by consortiums such as the Liberty Alliance and the Organization for the Advancement of Structured Information Standards (OASIS).
SAML 2.0 protocols are fine for strictly Web single sign-on, Schmidt said, but the WS-Federation protocols are better equipped to deal with a distributed Web services environment in terms of message reliability, transaction support and security; SAML 2.0 does not have reliable messaging or transaction support.
The problem for businesses arises when they want to federate but have chosen different sets of protocols. Vendors are developing translators between the two standards, but Schmidt said those could potentially have a security problem, since there is a middle point where the data is processed, although he said he believes those systems will improve.
Microsoft will soon start shipping "a whole lot" of servers that use WS-Federation protocols, and those client computers will be compatible, Schmidt said.
About SOA News Desk: SOA World Magazine News Desk trawls the world of distributed computing and SOA-related developments for the latest word on technologies, standards, products, and services and brings key information to you in a timely and convenient summary form.
Reader Feedback
SOA Web Services News Desk commented on 18 Nov 2005
Microsoft has decided to stick with the WS-Federation protocol for identity federation and not support the SAML 2.0 protocol. The reason for this decision is the wider flexibility and reliability offered by the former as against SAML 2.0, which does not support reliable messaging or transactions, said Don Schmidt, senior program manager for Microsoft's Identity and Access group.