Like the occasional needs of political reality, those for information security can -- and sometimes do -- trump
the impulses of competitors to compete rather than collaborate. This phenomenon showed itself in spades on May 13, when Microsoft Corp. and Sun Microsystems held a joint press conference to spread the word about two new, XML-based identity management specifications, along with plans for additional collaboration aimed at supporting product interoperability and enhanced security.
The focus of this unusual partnership is to create Single-Sign On (SSO) identity specifications for use on the Web. This recent work has resulted in two specifications:
- Web Single-Sign On Metadata Exchange Protocol (Web SSO MEX protocol): this is designed to enable services to "...query an identity provider for metadata that describes the identity-processing protocol suites supported..." to facilitate communications between the service provider and the identity provider.
- Web Single-Sign On Interoperability Profile (Web SSO Interop profile): this creates an interoperability profile of the Web SSO MEX Protocol designed to permit Liberty Identity Federation or Web Services (WS)-Federation based identity providers to interact with a Web service.
Together, the two specifications are intended to let Web service providers turn to reliable third parties for identity verification and processing, and, in turn, to make it easy for those third parties to deliver identity information and verification back to those same service providers.
The idea, of course, is to put XML to a standard and desirable use -- namely, to reduce or eliminate code dependencies associated with different groups of identity providers (in this case, the Liberty Identity Federation and WS-Federation are singled out for specific mention, but there's no reason why other such associations couldn't also be included in the future). The impetus behind SSO is to make it easy to establish and maintain identity when logging into one type of system, then making it likewise easy (but also transparent) to establish identity on other types of systems in the background as part of handling access requests, rather than requiring additional logins and requiring further proofs of identity.
Although there's still a lot of work left to do before these drafts change from working to recommended status, it's an encouraging sign that companies that are sometimes at odds can collaborate to meet genuine user needs that cross product and platform boundaries. It should be interesting to watch this effort mature and begin to deliver on its promises to enable single sign-on for multiple Web service environments.
The text of the original press release is available, as is a transcript of the press conference held on May 13, 2005. Drafts of the specifications are available at Microsoft and Sun for public comment.
Ed Tittel is a full-time writer and trainer whose interests include XML and development topics, along with IT Certification and information security topics. E-mail Ed with comments, questions, or suggested topics or tools for review.