IBM-Microsoft Group Publishes WS-Federated Spec

SAN FRANCISCO — Pushing ahead with their vision of federated network identity, Microsoft, IBM, BEA Systems, RSA Security and VeriSign Tuesday published the initial public draft of the WS-Federation specification.

The platform uses XML and other Web services criteria to define mechanisms that let developers manage and establish trust relationships across companies and domains that use different types of security solutions.

The WS-Federation specification builds on the foundation of published WS-Security specifications, and WS-Security, WS-Policy, WS-Trust and WS-SecureConversation, which are designed to enable a comprehensive model of security functions for Web services. Back in April 2002, Microsoft and IBM co-authored the roadmap, “Security in a Web Services World,” which outlined a framework of specifications including WS-Federation.

“This specification is one of the last big hurdles in establishing trust boundaries between companies,” Microsoft director of Web services marketing Steven Van Roekel said. “We’ve come to the inflection point where that is done and now we’re turning the corner.”

The five companies are at the Burton Group’s Catalyst conference here demonstrating how the technology interoperates between three different server systems using IBM, J2EE and Microsoft platforms.

As part of a new “Federation of Identities in a Web Services World” whitepaper, IBM and Microsoft also released guidelines for “Web Services Federation Language” including a “Passive Requestor Profile” for non-Microsoft Web browsers or non-Microsoft Web-enabled cell phones or devices, to provide identity services. The “Active Requestor Profile” covers SOAP-enabled applications and other smart clients.

Van Roekel also said Microsoft is working on its own version of Liberty-like software running on top of the infrastructure. He said the platform would be a combination of its established Web services technologies like Passport, TrustBridge and Windows Identity management software all working together under one yet-to-be-named umbrella brand.

Liberty’s Kids

Not too surprisingly, three of the five companies also belong to the Liberty Alliance project, which has been seen in the past as a competing architecture.

Although Microsoft and the consortium of more than 170 companies focused on developing and deploying federated identity standards have not always seen eye to eye, all sides appear to agree that there is room for WS-Federation and Liberty’s own federated identity specifications to come together.

“Convergence is clearly best for everyone,” said Britta Glade, vice chair of the Liberty Alliance Business and Marketing Expert Group.

James Vanderbeek, chair of the Business Requirements Group at Liberty and senior manager of strategy at Vodafone, added, “We can look to drive convergence between the two. Neither of the two parties involved want to try to split the market. It will only serve to not foster adoption rather than drive it.”

In some ways, Liberty already took the first step when it incorporated WS-Security, another specification developed by Microsoft, IBM and BEA, into its specifications, and there are a number of Liberty members that also serve with those companies in the Web Services Interoperability (WS-I) consortium founded by Microsoft and IBM.

“Because of the cross involvement, we were able to very quickly look at how [WS-Security] could be utilized in the Liberty Alliance,” Glade said.

Van Roekel conceded that if Liberty were to adopt WS-Federation, it would have instant access to more of the back end.

“It’s in their best interest because two of the largest application vendors are betting on WS-Federation,” he said. “Liberty is a little higher interaction between companies but tackles just one scenario of one trusted business partner to another trusted business partner. We’re broader than that. Also, whereas Liberty has bet on SAML, we work with Kerberos, PKI and other existing security standards.”

Editor’s note: editor Thor Olavsrud contributed to this report.
