The Liberty Alliance has released the second version of its identification standards for Web services technology, marking what analysts said is another step toward the convergence of identity specifications that will simplify processing.
The global consortium’s latest release of ID-WSF 2.0 is a publicly available framework that has been extended to include support for SAML 2.0.
SAML, or security assertions markup language, defines an XML-based framework for communicating security and identity information between computing systems. SAML is from the Organization for Advancement of Structured Information Sciences (OASIS), an international standards body.
Blueprint for Convergence
“Successful identity management has become a critical factor in application development and the necessary foundation for deploying all Web services,” George Goodman, president of Liberty Alliance’s management board and director of Intel’s Visualization and Trust Lab, said.
These specifications provide a blueprint for driving convergence between federated identity and Web services specifications, a necessary step to complete interoperability,” he said.
According to the 2004 Enterprise Web Services Survey by The Yankee Group, Web services adoption is still early in its life cycle. Although 48 percent of the companies surveyed have already deployed Web services, 39 percent say they will be deploying Web services sometime within the next 12 months.
For the majority of these Web services, identity will play a critical role.
“SAML 2.0 is a significant convergence point in the evolution of federation standards,” Gerry Gebel, senior analyst with the Burton Group, told the E-Commerce Times.
He explained: “It can benefit e-commerce because the technology landscape has been simplified. Instead of having to choose between several models, organizations have one standard that supports all the key features from those previously individual specs or standards.”
Rapid Deployment Roadmap
ID-WSF 2.0 is part of a Liberty Alliance roadmap for WSF 2.0 specifications that are being released in phases to accommodate rapid industry deployment. The specifications are based on guidance from Liberty’s market requirements process, to which Liberty members contribute their use cases.
The first phase is focused on SAML 2.0 support. The second and third phase, which are expected to be completed in full by the end of 2005, include several significant new features designed to give implementers greater depth of functionality, including the capability to leverage custom Web services, as well as those being developed in the services groups within Liberty Alliance.
The Web services specification, first introduced in April 2003, is already in use at many organizations across the globe. The first interoperability compliance testing on the specification was completed in October 2004, at which time several companies illustrated support and compliance, including Hewlett-Packard, Nokia, Novell, NTT, Sun Microsystems and Trustgenix.
It’s those marquee players, however, who also present a challenge for the Liberty Alliance. While SAML 2.0 simplifies processing from a technology perspective, Gebel said there remains a challenge of creating trust between organizations.
“These are very large, complex organizations and it can be somewhat trying to get all the lawyers together to work out all of the soft, non-technical details of these kinds of arrangements,” Gebel said. “The technology, while it’s maturing, still only takes you so far.”