New Specs on Federated Identity Management

Both Liberty Alliance and RSA have announced progress on their Federated Identity Management specs for Web Services on Monday and Tuesday respectively.

Federated Identity Systems aim to provide a solution for sharing identities between multiple websites, services and applications, without requiring the user to re-authenticate himself. In other words, a single-sign-in solution, where 'federated' stands for standardized methods of sharing trust in an identity among multiple service providers.

RSA has partnered with Microsoft and IBM, among others, for their SAML (Security Assertion Markup Language) based solution called 'RSA Federated Identity Manager'. IBM and Microsoft are committed to supporting the product in their Web Services applications.

Liberty ID-WSF, proposed by the Liberty Alliance, is functionally a little more advanced and provides more robust measures to ensure privacy, but it still tackles the same problem of web services authentication. The real difference lies in the degree of openness of the two approaches. RSA takes a partially closed-source but open-standards approach. Microsoft has already followed suit and announced its 'Web Services Enhancements 2.0' specs, consisting of "WS-Security 2004, WS-Policy, WS-SecurityPolicy, WS-Trust, WS-SecureConversation, and WS-Addressing", where "WS-Security 2004 became an OASIS Standard in April 2004, while the other five protocol specifications are proprietary." It is likely that IBM's WS-Federation software will also be partially proprietary.

While the Liberty Alliance is not exactly about open source, it is certainly committed to open standards, and its IP policy at least encourages open source implementations of its solutions. Several of those are already available.

Interestingly, RSA doesn't seem to put all its eggs in one basket: it is also a member of the Liberty Alliance and even co-authored Liberty ID-WSF.
