Feeds

IBM, Microsoft and Liberty: together at last

In Software We Trust

  • alert
  • submit to reddit

Security for virtualized datacentres

ComputerWire: IT Industry Intelligence

A Sun Microsystems Inc-backed initiative on secure network identity has taken its first steps towards supporting a specification from Microsoft Corp and IBM,

Gavin Clarke writes

.

The Liberty Alliance Project this month had a presentation from VeriSign Inc, a co-author of WS-Security with Microsoft and IBM, with a view to including the XML-based specification in its own planned specifications.

The move signals an further easing of tensions between Palo Alto, California-based Sun and the industry-backed Liberty, and IBM and Microsoft, both absent from Liberty and pursuing separate security policies.

Liberty's interest comes after Sun agreed to endorse WS-Security's submission to the Organization for Advancement of Structured Information Standards (OASIS) last week.

That decision followed months of hostility between the vendors. Sun was apparently excluded from the formation of the Web Services Interoperability (WS-I) organization, which was backed by IBM and Microsoft.

Sun formed Liberty as Redmond, Washington-based Microsoft announced plans for a federated Passport. Prior to VeriSign's Liberty presentation this month, talks had taken place between Microsoft and Liberty members who were concerned both camps would develop specifications minus interoperability.

Bob Sutor, IBM's director of e-business standards, told ComputerWire he hoped Liberty would adopt WS-Security in its own specifications. A first set of Liberty specifications for a federated network single sign-on are due next month.

"We strongly hope Liberty will adopt WS-Security. The hope is that in time, the threads will come together to get a single standard," Sutor said.

A Liberty spokesperson said while members had received a presentation, an "official" analysis by a technical committee has not yet begun. "The Alliance will look at any open standards based technology for applicability within future versions of the Liberty Alliance specifications," the spokesperson said.

Sutor said last week's submission of WS-Security to OASIS could ensure other industry initiatives, such as Security Assertion Markup Language (SAML), also adopt elements of the specification. This would ensure SAML's XML-based security assertions work with WS-Security.

WS-Security provides a framework for different security assertions and certificates, such as SAML, Kerberos, 501 certificates and PKI. SAML has been developed at Oasis by 12 vendors including Baltimore Technologies Plc, RSA Security Inc and Novell Inc. Authors have developed a version that works with Simple Object Access Protocol (SOAP) and are already adapting this to work with WS-Security. The first public demonstration of SAML 1.0 is expected at the Catalyst Conference in San Francisco, California, on July 15.

Eve Maler, co-ordinating editor of the SAML specification, supported inclusion of WS-Security. "WS-Security has the potential for raising the security of web services security while SAML provides the guts. SAML is just one of the things WS-Security could wrap around it," Maler said.

One advantage of submitting WS-Security to Oasis will be the ability to flesh-out the basic specification. Sutor believes the existing specification is currently too generic in the way it integrates with assertions.

WS-Security is the first in a number of WS- specifications covering policy and trust, among other areas, proposed by IBM and Microsoft. No date is yet set for their submission to an independent standards body, although Sutor said policy level specifications would likely be next with specifications for federation following.

© ComputerWire

Choosing a cloud hosting partner with confidence

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Big Content outs piracy hotbeds: São Paulo, Beijing ... TORONTO?
MPAA calls Canadians a bunch of bootlegging movie thieves
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.