Single Sign-On Gains Liberty Support


Although a lack of interoperability has threatened to hold Web services
adoption back, Liberty Alliance, a group dedicated to forging an open identity standard,
cracked that barrier by certifying nine single sign-on products this week.


The group awarded Ericsson, Hewlett-Packard, IBM, Netegrity,
Novell, Oracle, Ping Identity, Sun, and Trustgenix its “Liberty Alliance Interoperable”
mark in a conformance test.


The certification, which covers Liberty Alliance Identity Federation Framework (ID-FF)
versions 1.1 and 1.2 for single sign-on services, involves a rigorous
testing process that gauges identity federation, authentication, session
management and privacy protection. Vendors must demonstrate interoperability
with two other randomly selected participants.


Secure single sign-on services are a key ingredient for Web services,
a high-flying concept for distributed computing that
allows applications to talk to one another to perform tasks. But customers
are afraid to “sign-on” without a secure brand, because crackers can swipe
their personal information if the site is not safeguarded properly.


According to a Liberty statement, the products are interoperable
out-of-the-box, which pares deployment schedules and saves costs. This is
key, as customers are loath to license technology if it isn’t supported by
a validated standard, according to Gartner analyst Ray Wagner.


“Customers who are thinking about federation projects need some reassurance
that there won’t be a huge amount of manual integration necessary between
partners with different infrastructures,” Wagner told
internetnews.com. “Requiring compliance with Liberty, SAML,
WS-Federation, and WS-I Basic Security Profile, or a subset of the above,
will provide some assurance that systems have the capability to work
together.”


Wagner said he believes most vendors who make identity management products
will provide compatibility with specs or standards in the short term, noting
that federation protocols in particular (SAML, Liberty, WS-Federation) will likely
converge in the medium term.


With Liberty’s certification, companies can say that their products are
compliant with the Liberty identity standard, making their identity management
software more appealing to customers looking to shore up their Web services
platforms with authentication via single sign-on services.


Forrester analyst Randy Heffner said using Identity Web Services Framework
(ID-WSF) requires Liberty’s ID-FF and offers an interoperable path to Web
services as long as users start with Liberty’s ID-FF.


“There is a test suite to ensure broad testing coverage of the technical
interfaces,” Heffner told internetnews.com.
“But successful operation of the tests is sort of on the honor
system — except that a vendor who wants the Liberty logo must participate
in an interoperability event and successfully connect with a couple of other
randomly chosen products.”


“This is better than a simple, pre-planned interoperability event, which
only proves that there is ‘at least one’ configuration by which products can
work together — but not that this is the configuration that any given user
might need,” Heffner concluded.


Web services have been slow to take off over the last few years, due to
obstacles such as interoperability, security and manageability. But this is
changing, owing in part to the steady work companies have been putting into
the matter and the increasing acceptance of the broader service-oriented
architecture approach to software services.


The following products are now Liberty compliant: the Ericsson User Session &
Identity Server 1; HP OpenView Select Access 6; IBM Tivoli Access Manager
software family; Netegrity SiteMinder Federation Solution Module 6; Oracle
Identity Management 10g; Ping Identity SourceID Liberty 2.1; Sun Java System
Access Manager; and Trustgenix IdentityBridge 2.1.


Meanwhile, Novell is developing a Web
authentication/authorization product that enables the secure federation of
identity data through both the Liberty Alliance specifications and the SAML
protocol. It is scheduled to ship in the first half of 2005.
