New release provides support for SAML 2.0 and marks a significant step in the convergence of identity specifications
February 10, 2005 – Liberty Alliance, the global consortium for open federated identity standards and identity-based Web services, today announced the public draft release of ID-WSF 2.0, a second-generation framework for identity-based Web services.
The publicly available framework has been extended to include support for SAML 2.0, specifically defining how SAML 2.0 assertions can be used to communicate identity information among identity-based Web services. Today’s news reflects the ongoing cooperation Liberty Alliance maintains with OASIS and other global standards organizations, integrating recognized open standards into Liberty specifications and helping to drive convergence of identity specifications. As developers increasingly migrate to SAML 2.0, they can now, or at any time in the future, implement ID-WSF specifications to more easily and securely manage interoperable identity-based Web services.
“Successful identity management has become a critical factor in application development and the necessary foundation for deploying all Web services,” said George Goodman, president of Liberty Alliance’s management board and director of Intel’s Visualization and Trust Lab. “These specifications provide a blueprint for driving convergence between federated identity and Web services specifications, a necessary step to complete interoperability.”
Gerry Gebel, senior analyst with Burton Group, added, “SAML 2.0 is a significant convergence point in the evolution of federation standards. It’s important that vendors and other organizations involved in the standards development process provide a clear roadmap to support this latest version of SAML.”
A Phased Approach Supports Rapid Deployment
Today’s news is part of a Liberty Alliance roadmap for WSF 2.0 specifications that are being released in phases to accommodate rapid industry deployment. The first phase is focused on SAML 2.0 support. The second and third phases, which are expected to be completed in full by the end of 2005, include several significant new features designed to give implementers even greater depth of functionality, including the capability to leverage custom Web services as well as those being developed in the services groups within Liberty Alliance.
The specifications are based on guidance from Liberty’s market requirements process, to which Liberty members contribute their use cases. Specific enhancements include:
* Subscription/Notification: Permits Web service consumers to subscribe to automatic notices of changes from the Web services provider, automating the process and delivering the benefit of ease and control to end users
* Groups: Offers support for those scenarios in which membership in a group (e.g. a soccer team, senior managers, etc.) drives/impacts the consumers’ online interactions, allowing implementers to deliver enhanced services to end users
* Principal Referencing: Allows users to create and maintain a list of those friends/colleagues with whom they wish to interact online (e.g. viewing photos, finding the location, sharing contact book info, etc.), opening up significant new opportunities to personalize services and allow end users to easily customize their Web experience
* Intelligent Client: Defines/profiles identity management mechanisms where the user device has enhanced capabilities, available whether the device is online or offline, allowing Web services across a variety of devices and interoperability across systems, expanding the opportunity for additional types of strong authentication mechanisms, smart cards, SIM devices, etc.
History of the Liberty Alliance and Web Services
The Web services specification, first introduced in April 2003, is already in use at many organizations across the globe. The first interoperability compliance testing on the specification was completed in October 2004, at which time several companies illustrated support and compliance, including Hewlett-Packard, Nokia, Novell, NTT, Sun Microsystems and Trustgenix.
According to the 2004 Enterprise Web Services Survey by The Yankee Group, Web services adoption is still early in its lifecycle. Although 48 percent of the companies surveyed have already deployed Web services, 39 percent say they will be deploying Web services sometime within the next 12 months. For the majority of these Web services, identity will play a critical role. Liberty’s architecture provides a standardized identity layer on which such services can be built, assuring interoperability and flexibility for implementers, both inside and outside of corporate boundaries, as well as ease-of-use and a rich range of options for end users.
“Federation is the organizing principle for Web services and the market clearly understands that relationship,” said Goodman. “By driving the leading specifications in both federation, with our work with OASIS, and Web services, Liberty is once again demonstrating its vision and authority within the identity marketplace, and showing commitment to focusing on convergence whenever and wherever possible.”
About the Liberty Alliance
Liberty Alliance (www.projectliberty.org) is an alliance of more than 150 companies, non-profit and government organizations from around the globe. The consortium is committed to developing an open standard for federated network identity that supports all current and emerging network devices. Federated identity offers businesses, governments, employees and consumers a more convenient and secure way to control identity information in today’s digital economy, and is a key component in driving the use of e-commerce, personalized data services, as well as Web-based services. Membership is open to all commercial and non-commercial organizations.
# # #
“As a world leader in identity and access management software solutions, CA supports the Liberty ID-WSF specification. This standards support – which already includes SAML 1.0, 1.1, 2.0, Liberty ID-FF 1.1, 1.2, UDDI, WS-S and SPML 1.0 – will enable CA customers to flexibly create, publish, discover and consume identity-based services in support of both their internal and federated business requirements.”
–Gavenraj Sodhi, Product Manager for eTrust Security Management, Computer Associates
“HP has long been committed to supporting and driving open standards including the recent work with the Liberty Alliance for ID-WSF version 2.0. The HP OpenView Identity Management solutions with SAML, Liberty ID-FF and Liberty ID-WSF support underscore HP’s commitment to helping customers with solutions based on open standards, interoperability and ease of integration.”
–Todd DeLaughter, Vice President and General Manager, Management Software Business, Hewlett-Packard
“The release of the Identity Web Services Framework specifications from the Liberty Alliance yet again shows the ability of the organization to translate real business problems into well-defined open specifications. Nokia is a committed participant in Liberty Alliance, and Nokia’s implementation of ID-WSF in smart phone devices is proof of this commitment. We welcome Liberty Alliance’s ambition to drive convergence of both Federated Identity and Web services specifications. By addressing other open specifications, such as SAML and WSS, Liberty Alliance does a good job in reducing uncertainty in the marketplace.”
–Mikko Terho, Vice President, Strategic Architecture, Nokia
“Sun is heavily invested in the ID-WSF 2.0 specification because it hits a sweet spot for defining highly-secure, identity-based Web services that conforms to the WS-I Basic Profile and the Java enterprise platform. Providing personalized services without compromising individual privacy is critical, and with this ability, Sun’s Java Enterprise System will enable companies to easily and cost effectively do business with trusted partners and customers while maintaining the highest level of security and control over identity information.”
–Joe Keller, vice president of marketing, Advanced Development Platforms, Sun Microsystems Inc.
“As long-time members of the Liberty Alliance we have actively contributed to the development and evolution of the ID-WSF specifications, and produced a leading implementation that is in use today by several customers. By adding the ability to leverage the SAML 2.0 protocol for single sign-on, ID-WSF version 2.0 has emerged as the leading standard for adding identity federation to Web services that span multiple domains.”
–Greg Whitehead, CTO, Trustgenix