Liberty Alliance proposes Web security standards
LAP dancing at the OASIS
A set of Sun Microsystems Inc-backed web services security specifications could soon pass to a standards-body backed by IBM and Microsoft,Gavin Clarke writes
Liberty Alliance Project members have discussed submission of their specifications to the Organization for the Advancement of Structured Information Standards (OASIS).
A Liberty spokesperson told Computerwire on Friday a decision has not been reached but more information would be provided at a later date.
Liberty is expected to unveil the hotly anticipated XML-based specifications at a press event today in San Francisco, California. The specifications will provide federated, single sign-in to web services so users do not require multiple passwords.
Submission to OASIS would help further ease months of standoff and tension between Liberty co-founder Sun and IBM and Microsoft Corp.
IBM and Microsoft have shunned Liberty despite the group's considerable vendor and customer backing. Microsoft announced a federated version of Passport - called .NET Passport - last Fall.
The companies also pursued their own web services security roadmap outlined in April with specifications for - among other things - federation, authorization, privacy and policy. WS-Security, co-authored with VeriSign Inc, is the first deliverable.
An easing of tensions was recently signaled when Palo Alto, California-based Sun agreed to endorse WS-Security's submission to OASIS, where the specification will receive broader industry input. Seventeen companies have agreed to participate in WS-Security since that submission, according to IBM.
IBM encourages submission of the Liberty specifications along with WS-Security to OASIS. IBM's director of e-business standards Bob Sutor told Computerwire this would help ensure elements of both are merged in an atmosphere of co-operation. He said the biggest obstacle for web services is not technical, but political.
"We think we could bring the industry under one roof and cut through the politics which everyone is sick of," Sutor said. "The challenge is getting past the politics."
A hint of stand-off remains, though, as IBM has no plans to join Liberty. Sutor said that would not be necessary if Liberty's specifications passed to OASIS.
Sutor welcomed today's publication of Liberty's specifications. He said this meant IBM and others could read and possibly adopt the specifications. "We want to know what their plans are," Sutor said.
OASIS is seen as an ideal location based on its track record in web services security specifications. Members are building the Security Assertion Mark-up Language (SAML) expected in November and due to be demonstrated by IBM's Tivoli business and others today in San Francisco.
Sutor added other specifications in the joint IBM-Microsoft web services security road map could also pass to OASIS. He said, though, planned specifications for workflow, business process and transaction could possibly go to other independent standards groups such as the World Wide Web Consortium (W3C) or Object Management Group (OMG).
Sponsored: Today’s most dangerous security threats