Feeds

IBM, Microsoft and Liberty: together at last

In Software We Trust

  • alert
  • submit to reddit

Top three mobile application threats

ComputerWire: IT Industry Intelligence

A Sun Microsystems Inc-backed initiative on secure network identity has taken its first steps towards supporting a specification from Microsoft Corp and IBM,

Gavin Clarke writes

.

The Liberty Alliance Project this month had a presentation from VeriSign Inc, a co-author of WS-Security with Microsoft and IBM, with a view to including the XML-based specification in its own planned specifications.

The move signals an further easing of tensions between Palo Alto, California-based Sun and the industry-backed Liberty, and IBM and Microsoft, both absent from Liberty and pursuing separate security policies.

Liberty's interest comes after Sun agreed to endorse WS-Security's submission to the Organization for Advancement of Structured Information Standards (OASIS) last week.

That decision followed months of hostility between the vendors. Sun was apparently excluded from the formation of the Web Services Interoperability (WS-I) organization, which was backed by IBM and Microsoft.

Sun formed Liberty as Redmond, Washington-based Microsoft announced plans for a federated Passport. Prior to VeriSign's Liberty presentation this month, talks had taken place between Microsoft and Liberty members who were concerned both camps would develop specifications minus interoperability.

Bob Sutor, IBM's director of e-business standards, told ComputerWire he hoped Liberty would adopt WS-Security in its own specifications. A first set of Liberty specifications for a federated network single sign-on are due next month.

"We strongly hope Liberty will adopt WS-Security. The hope is that in time, the threads will come together to get a single standard," Sutor said.

A Liberty spokesperson said while members had received a presentation, an "official" analysis by a technical committee has not yet begun. "The Alliance will look at any open standards based technology for applicability within future versions of the Liberty Alliance specifications," the spokesperson said.

Sutor said last week's submission of WS-Security to OASIS could ensure other industry initiatives, such as Security Assertion Markup Language (SAML), also adopt elements of the specification. This would ensure SAML's XML-based security assertions work with WS-Security.

WS-Security provides a framework for different security assertions and certificates, such as SAML, Kerberos, 501 certificates and PKI. SAML has been developed at Oasis by 12 vendors including Baltimore Technologies Plc, RSA Security Inc and Novell Inc. Authors have developed a version that works with Simple Object Access Protocol (SOAP) and are already adapting this to work with WS-Security. The first public demonstration of SAML 1.0 is expected at the Catalyst Conference in San Francisco, California, on July 15.

Eve Maler, co-ordinating editor of the SAML specification, supported inclusion of WS-Security. "WS-Security has the potential for raising the security of web services security while SAML provides the guts. SAML is just one of the things WS-Security could wrap around it," Maler said.

One advantage of submitting WS-Security to Oasis will be the ability to flesh-out the basic specification. Sutor believes the existing specification is currently too generic in the way it integrates with assertions.

WS-Security is the first in a number of WS- specifications covering policy and trust, among other areas, proposed by IBM and Microsoft. No date is yet set for their submission to an independent standards body, although Sutor said policy level specifications would likely be next with specifications for federation following.

© ComputerWire

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.