My blog has moved and can now be found at

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Saturday, November 19, 2005
« W3C Workshop on XML Schema 1.0 User Expe... | Main | Free media server program for Tivo »

“Federation refers to the establishment of some or all of business agreements, cryptographic trust, and user identifiers or attributes across security and policy domains to enable more seamless cross-domain business interactions. As web services promise to enable integration between business partners through loose coupling at the application and messaging layer, federation does so at the identity management layer - insulating each domain from the details of the others' authentication and authorization infrastructure.” — SAML Executive Overview [PDF]

This is a big deal to any distributed enterprise that needs to manage Identity and provide Single Sign On. Security Assertion Markup Language (SAML) 1.1, which is an OASIS Standard, has been an accepted mechanism for accomplishing this.  SAML is something is extensively leveraged within the Enterprise that I work in, so this is of particular interest to me. SAML 2.0 is the next generation of this technology that is going through the OASIS standardization process and is backed by folks like the Liberty Alliance among others. I recently read in an Infoworld article that Microsoft will not be supporting SAML 2.0, but will instead back the WS-Federation protocols. WS-Federation is an effort that is being backed by companies such as IBM, Microsoft, BEA Systems, RSA Security, and VeriSign.

I am unsure of what this means as of yet, so I need to do some further research into both efforts. Here are some links to various sources of information on both efforts so that we can understand, hopefully, what the technical approach each effort is taking, and the impact if one chooses one approach versus the other.

SAML WS-Federation


Tags:: Security
11/19/2005 2:42 PM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink   
Comments are closed.