Converging federation standards?
Key members of the federated identity specification and standards gangs—OASIS, Liberty Alliance and the IBM/Microsoft led WS-* --met at Digital ID World 2005 today to discuss their different approaches to deriving specifications and the possibility of convergence.
Moderator Mike Neuenschwander of the Burton Group tried to locate any sensitive areas among the different parties, represented by George Goodman, Intel; John Shewchuk, Microsoft; Anthony Nadalin, IBM; Rob Philpott, RSA Security; and Bill Smith, Sun.
From left: Rob Philpott, RSA Security; Anthony Nadalin, IBM; Mike Neuenschwander, Burton Group
Philpott expressed concern that the workshop process used by the WS-* group takes too long to move specifications to standards bodies (like OASIS). From the audience, Scott Cantor (one of the architects of the open source, open standard Shibboleth initiative to develop an identity framework), questioned the openness of the specification writing process. To which panelists responded that specs are made public and anyone can comment. "After we achieve objectives and get specs to point, we heave it to open community--go for it, party on," Shewchuk said. That's true, but just like anyone can write a letter to the editor, some "writers" have more clout. And, Nadalin brought up the IP issue. If you provide formal feedback on a WS-* spec, you have to sign form that mandate the content is contributed royalty free to the organization, avoid potential licensing snafus and lawsuits down the road but also placing all the IP in one lap.
All the panelists agreed with Goodman, representing the Liberty Alliance along with Smith, that what matters is the quality of the specification, such as how it addresses use cases, how easy it is to implement, and how interoperable.
Shewchuk chimed in: “All of our specs are headed to open standards. The only debate is when to bring them to the standards process. We try to make specs all work together--we define a set of tests and when pass, we bring to them to the standards body.”
From left: John Shewchuk, Microsoft; Bill Smith, Sun; George Goodman, Intel
As in Jamie Lewis' presentation on the future of identity management, rather than a grand convergence of identity, federation and Web services standards, there will be multiple standards and specifications that must interoperate. Hence, a framework for supporting multiple systems is required.
Goodman said that convergence to a single standard would create an undesireable monoculture, but Philpott said that in the long term, the best solution for easy management of an environment is to move toward convergence. At the same time Goodman would like to see Microsoft join the Liberty Alliance (IBM joined in October 2004), but said that turning to some disinterested third-party won't solve the competing standards problem.
Goodman revealed that Liberty has been very focused over the last several months on making use of existing open standards. "We are finding ways to use WS-Addressing, for example, and we have adopted WS-Security. We would love to see convergence, but you have multiple vendors and people making progress in duplicative areas. So we focus on interoperability and convergence by making use of each others components where possible."
Shewchuk noted that Microsoft is trying to use Web services architecture to glue all of the company's internal technology together. For example, Longhorn will use WS-* to do discovery of devices, such as screens, printer and even Sun systems dropped into a Wintel network. "Internally, it's critical all those pieces have a consistent model. In terms of interoperability, we look at it on a point-by-point basis, but for internal technology it's one framework," Shewchuk said.
Compared to past years, the battles among the various groups tackling security and identity management standards has toned down. But, it will still take many more years to promulgate the benefits underlying the specs and standards.