Security concerns unite archrivals Microsoft, Sun

Like the occasional demands of political reality, the demands of information security can -- and sometimes do -- trump the impulse of competitors to compete rather than collaborate. This phenomenon showed itself in spades on May 13, when Microsoft Corp. and Sun Microsystems held a joint press conference to spread the word about two new, XML-based identity management specifications, along with plans for additional collaboration aimed at supporting product interoperability and enhanced security.

The focus of this unusual partnership is to create Single-Sign On (SSO) identity specifications for use on the Web. This recent work has resulted in two specifications:

  • Web Single-Sign On Metadata Exchange Protocol (Web SSO MEX protocol): this is designed to enable services to "...query an identity provider for metadata that describes the identity-processing protocol suites supported..." to facilitate communications between the service provider and the identity provider.
  • Web Single-Sign On Interoperability Profile (Web SSO Interop profile): this creates an interoperability profile of the Web SSO MEX Protocol designed to permit Liberty Identity Federation or Web Services (WS)-Federation based identity providers to interact with a Web service.

Together, the two specifications are intended to let Web service providers turn to reliable third parties for identity verification and processing, and, in turn, to make it easy for those third parties to deliver identity information and verification back to those same service providers.

The idea, of course, is to put XML to a standard and desirable use -- namely, to reduce or eliminate code dependencies associated with different groups of identity providers (in this case, the Liberty Identity Federation and WS-Federation are singled out for specific mention, but there's no reason why other such associations couldn't also be included in the future). The impetus behind SSO is to make it easy to establish and maintain identity when logging into one type of system, and then to make it equally easy (and transparent) to establish identity on other types of systems in the background as part of handling access requests, rather than requiring additional logins and further proofs of identity.

Although there's still a lot of work left to do before these drafts change from working to recommended status, it's an encouraging sign that companies that are sometimes at odds can collaborate to meet genuine user needs that cross product and platform boundaries. It should be interesting to watch this effort mature and begin to deliver on its promises to enable single sign-on for multiple Web service environments.

The text of the original press release is available, as is a transcript of the press conference held on May 13, 2005. Drafts of the specifications are available at Microsoft and Sun for public comment.

Ed Tittel is a full-time writer and trainer whose interests include XML and development topics, along with IT Certification and information security topics. E-mail Ed with comments, questions, or suggested topics or tools for review.

This was first published in May 2005
