News

Liberty Alliance Converges with SAML

By David Worthington | Published February 11, 2005, 7:26 PM

In the past, cooperation among identity management standards organizations consisted of thinly laced talk about convergence. Today, at least two identity specifications are one step closer to being drawn together.

The Liberty Alliance has announced the public draft release of ID-WSF 2.0, the second generation of its federated identity and Web service standards framework. The framework continues to advance on a feature by feature basis; most significantly, WSF 2.0 supports OASIS's SAML 2.0 secure data exchange specification.

Liberty Alliance is a consortium of over 150 companies dedicated to the establishment of open federated network identity standards. That being said, Liberty is one of many such organizations. Another chief participant in the space is Organization for the Advancement of Structured Information Standards (OASIS), which plays host to both OASIS Security Service (SAML) and the XRI Data Interchange (XDI) technical committees.

SAML is an XML-based framework that facilitates the secure exchange of security credentials between Web services. WSF 2.0 has been drafted to help define how SAML 2.0 assertions should be used to relay information between identity-based Web services. All existing and future SAML 2.0 projects are compatible to work with the Liberty specifications.

Liberty's support of SAML 2.0 in its framework is hailed by some as an example of the type of step that is necessary for a longitudinal convergence of standards.

Gerry Gebel, senior analyst with Burton Group, said in a statement, "SAML 2.0 is a significant convergence point in the evolution of federation standards. It's important that vendors and other organizations involved in the standards development process provide a clear roadmap to support this latest version of SAML."

Support for SAML 2.0 is the first stopping point in a multi-phase rollout of WSF 2.0. The specification has two more stops to go before it is approved by the end of 2005. Upcoming enhancements are: automatic notifications of changes from Web service providers; centrally managed group identities; principally referenced lists of contacts to enable the sharing of digital assets among friends/colleagues; and the discovery of device profiles that will expand the depth of available authentication mechanisms.

More precise information on WSF 2.0 is available on the Liberty Alliance Web site.

View comments by with a score of at least

Verizon Wireless launches new Android, Chocolate, and ruggedized phones

The lower-priced Eris joins the Droid, while the Chocolate gets a touchscreen and more music playback.

BlackBerry shipments grew five times faster than iPhone in Q3

Recent claims of Apple gains against Research in Motion are overstated, based on IDC smartphone shipment data released today.

Faster or more secure? Microsoft publishes IE patch to Automatic Updates

In a pre-emptive strike against a possibly critical future vulnerability, the company issues a patch to a patch that will definitely slow down Internet Explorer.

How RIM can avoid a premature endgame for BlackBerry

Carmi Levy | Wide Angle Zoom: The conservative strategy put RIM on the map, but today it's making BlackBerry vulnerable to obsolescence.

Early sales figures for Windows 7 nicely high, but do we know why?

Fans of triple-digit surges in figures quoted by Betanews will love this one, as it appears Microsoft rediscovered how to pull off a software launch.

The iPhone's China syndrome: Sales of 5,000 and climbing

There's actually a country where Apple's device is not a godsend, where sales can be measured in the dozens.

New European counterpart to FCC will ensure 'a more neutral net'

Late Thursday night, the ruling telecom administrators of the EU's member nations signed away their final authority to a new entity overseen by the EC.

Sophos study suggests Windows 7 UAC's default setting is self-defeating

Without any anti-virus installed, a Sophos test showed, User Account Control was only capable of thwarting just one malware package out of ten samples chosen.

Indiscreet tweet trips awareness of Web SSL vulnerability

A group of high-level security engineers had been making progress on thwarting a low-level threat to the Web, until somebody blurted it all out on Twitter.

Is AES encryption crackable?

In a theoretical setting, a team of researchers has discovered what they think could be a flaw that leaves AES encryption open to attack.

New York: Intel's agreements to lower CPU prices led to overcharges

It's a huge legal stretch, but the law may not have another way to estimate just how much OEM purchasing agreements with Intel may have hurt consumers.