Feeds

IBM, Microsoft and Liberty: together at last

In Software We Trust

  • alert
  • submit to reddit

Security for virtualized datacentres

ComputerWire: IT Industry Intelligence

A Sun Microsystems Inc-backed initiative on secure network identity has taken its first steps towards supporting a specification from Microsoft Corp and IBM,

Gavin Clarke writes

.

The Liberty Alliance Project this month had a presentation from VeriSign Inc, a co-author of WS-Security with Microsoft and IBM, with a view to including the XML-based specification in its own planned specifications.

The move signals an further easing of tensions between Palo Alto, California-based Sun and the industry-backed Liberty, and IBM and Microsoft, both absent from Liberty and pursuing separate security policies.

Liberty's interest comes after Sun agreed to endorse WS-Security's submission to the Organization for Advancement of Structured Information Standards (OASIS) last week.

That decision followed months of hostility between the vendors. Sun was apparently excluded from the formation of the Web Services Interoperability (WS-I) organization, which was backed by IBM and Microsoft.

Sun formed Liberty as Redmond, Washington-based Microsoft announced plans for a federated Passport. Prior to VeriSign's Liberty presentation this month, talks had taken place between Microsoft and Liberty members who were concerned both camps would develop specifications minus interoperability.

Bob Sutor, IBM's director of e-business standards, told ComputerWire he hoped Liberty would adopt WS-Security in its own specifications. A first set of Liberty specifications for a federated network single sign-on are due next month.

"We strongly hope Liberty will adopt WS-Security. The hope is that in time, the threads will come together to get a single standard," Sutor said.

A Liberty spokesperson said while members had received a presentation, an "official" analysis by a technical committee has not yet begun. "The Alliance will look at any open standards based technology for applicability within future versions of the Liberty Alliance specifications," the spokesperson said.

Sutor said last week's submission of WS-Security to OASIS could ensure other industry initiatives, such as Security Assertion Markup Language (SAML), also adopt elements of the specification. This would ensure SAML's XML-based security assertions work with WS-Security.

WS-Security provides a framework for different security assertions and certificates, such as SAML, Kerberos, 501 certificates and PKI. SAML has been developed at Oasis by 12 vendors including Baltimore Technologies Plc, RSA Security Inc and Novell Inc. Authors have developed a version that works with Simple Object Access Protocol (SOAP) and are already adapting this to work with WS-Security. The first public demonstration of SAML 1.0 is expected at the Catalyst Conference in San Francisco, California, on July 15.

Eve Maler, co-ordinating editor of the SAML specification, supported inclusion of WS-Security. "WS-Security has the potential for raising the security of web services security while SAML provides the guts. SAML is just one of the things WS-Security could wrap around it," Maler said.

One advantage of submitting WS-Security to Oasis will be the ability to flesh-out the basic specification. Sutor believes the existing specification is currently too generic in the way it integrates with assertions.

WS-Security is the first in a number of WS- specifications covering policy and trust, among other areas, proposed by IBM and Microsoft. No date is yet set for their submission to an independent standards body, although Sutor said policy level specifications would likely be next with specifications for federation following.

© ComputerWire

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.