Sidebar: Standards Shuffle

A relative lack of interoperability among the products that are used in a federated identity system continues to be a problem, but the situation is getting better, according to users, vendors and analysts.

In a federated identity management system, identity information is shared across heterogeneous systems by multiple organizations using standards that specify how the information is to be exchanged.

The most popular standards for doing this are SAML from the Organization for the Advancement of Structured Information Standards, or OASIS, and the Identity Federation Framework from the Liberty Alliance Project, a 150-member consortium focused on digital identity.

Products from various vendors supposedly implementing the same standards haven't always interoperated easily with one another in a federated network, says Dan Blum, a Burton Group analyst. "Interoperability is a problem," he says. "But there are some initiatives going on in the industry which are starting to ease the situation."

Among the more notable ones are the Liberty Alliance's conformance tests, which have been going on for over a year. Under the initiative, the alliance is validating interoperability of different vendor implementations of its federation specifications.

In another effort, several vendors are working with the U.S. General Services Administration on the E-Gov E-Authentication Initiative to demonstrate interoperability of products using SAML. So far, products from seven vendors have passed SAML 1.0 interoperability tests and have been approved for use by federal agencies in implementing E-Authentication. The vendors include IBM, Oblix, RSA Security, Entrust Inc. and Hewlett-Packard Co.

Similar testing will be needed on another emerging standard called the Web Services Federation Language, a specification for sharing digital identities, Blum says. The companies involved in that effort include IBM, Microsoft Corp., Netegrity, Ping Identity Corp. and RSA.

"The key thing is for a user not to get bogged down with one or two vendors," says Venkat Raghavan, security manager at IBM's Tivoli Software unit.

"A [user] company cannot say, 'I only want to use Liberty or only want to use SAML,'" says Raghavan. In a federated network, users must be able to share identity information using multiple products and protocols, he adds.


Copyright © 2004 IDG Communications, Inc.