When Microsoft and Sun Microsystems announced last week that they would be working to create single sign-on utilities
between their products, the news raised more questions than it answered.
The companies have developed the Web Single Sign-On Metadata Exchange (Web SSO MEX) protocol and Web Single Sign-On Interoperability Profile (Web SSO Interop Profile) specifications.
Microsoft CEO Steve Ballmer and Sun CEO Scott McNealy said the rules will
make browser-based single sign-on possible between platforms from different
vendors that use the similar Liberty Alliance Identity Federation Framework
(ID-FF) or WS-Federation.
The Sun-backed ID-FF and Microsoft-backed WS-Federation describe a way to
enable identity, account, attribution, authentication and authorization
federation across different organizations.
Some standards experts are comforted that the two rivals have made progress to help customers tap into Web services and service-oriented architectures
(SOA). But they see a thicket of issues, as well.
Analysts say the work, while a step in the right direction, is far from
Forrester Research analyst Randy Heffner said there is definitely some
goodness in the deal, but what is more interesting is what the companies
have not said.
For example, WS-Federation, a spec that has yet to be submitted to a
standards body, has two profiles: Passive Requestor and Active Requestor. By
not including Liberty’s Identity Web Services Framework, the announcement is
implicitly limited to the Passive Requestor profile, Heffner argued.
“Bottom line: Web services interoperability is not yet part of the picture,”
Heffner said. “It remains to be seen how far the Sun/Microsoft collaboration
will go in this direction.”
Microsoft and Sun also pledged joint support for WS-Management and have
shown how Microsoft’s software runs on Sun machines using the schema. But
that, too, is just a spec with no formal home.
“It is good that Sun is in with the Microsoft crowd for WS-Management, but
the WS-Management group has yet to come clean on how they will work with the
WSDM standard approved by OASIS,” Heffner said. “Again, WS-Management is
still just a specification in the hands of vendors.
There is evidence that vendors are being helped by Microsoft’s and Sun’s
interoperability efforts. Fred Killeen, CTO for General Motors Information
Systems & Services, said the unity is important for GM because the automaker
has more than 1 million users that use a combination of Sun’s Directory
and Microsoft’s Active Directory software.
GM is engaging in a proof of concept for integrating Microsoft and Sun
software. The automaker is using a Microsoft-based desktop to authenticate
to an Active Directory. From there, the company provides single sign-on to
its user portal, which uses Sun’s portal software and Directory.
“It will take out a significant amount of the complexity in our current
environment,” Killen said during the press event. “We’ll have fewer calls
to our help desk. We expect it will reduce the complexity and the cost, so
this is a big deal for us.”
Ballmer shrugged off the importance of the GM experiment with regard to specs
and standards during the press event last week.
“I don’t want people to just think this is about specs and standards —
those things are super important. But at the end of the day, they’re not
going to let folks at General Motors get full access to the Microsoft world
and Sun portal world at General Motors. That will come through the products
that our two companies deliver.”
But perhaps they should concern themselves with standards. One expert said
that standards resolution, cutting through the duplicate schemas and other
overlap, is not getting any easier.
Gartner analyst Charles Abrams said that complications have cropped up over the last few years, because vendors began churning out specs to
make Web services run more seamlessly.
For example, Abrams noted that the progress of the Liberty Alliance is
moving a lot slower than expected, as is work around the World Wide Web
Consortium’s WS-Addressing spec, a vital rule that would enable Web services
to be broken out of HTTP.
The reality is, he said, the IT world isn’t at the point where users have a
complete Web services stack with heavy inter-relationships. One brick wall
is that the standards process is becoming too complex. Another is that vendors
are defending their interests, Abrams said.
“The Web services standard stack under development continues to cause
confusion and wasted development resources,” Abrams said. “There are over 50
Web services standards and specs proposed and under development. I predict
fewer than 25 will survive by decade’s end as open industry standards.”
Progress is being made but at the minimum, the IT world won’t see a lot more
standards coherence until roughly 2008, he said.
“The main issue for the end user is when evaluating a platform application
or tool purchase from a vendor, which spec are they using and which should
they be deploying when doing internal application development,” Abrams said.