• SOAP 1.1—a specification authored by DevelopMentor, IBM, Lotus, Microsoft, and UserLand Software—transports a message between two points and can include extra information such as routing and the security mechanisms being used.
• WSDL 1.1—authored by Ariba, IBM, and Microsoft—is an XML-based language that provides a description of the message, the protocols used (SOAP 1.1 and HTTP 1.1, for example), and the address of the Web service. WSDL 1.1 is a complementary technology to SOAP since it contains a description of the SOAP messages being exchanged.
• The Universal Description, Discovery, and Integration (UDDI) specification—originally developed by Ariba, IBM, and Microsoft—enables companies and applications to quickly find Web services over the Internet and allows operational registries to be maintained for different purposes in different contexts. UDDI lists available Web services from different companies, gives their descriptions, and provides instructions for using them.
WS-Federation. IBM, Microsoft, BEA Systems, RSA Security, and VeriSign have developed WS-Federation, a security specification that replicates some of the features of the Web Services Framework (WSF) and the Security Assertion Markup Language (SAML) 2.0.
To date, WS-Federation has not been officially submitted for formal standardization. WS-Federation describes a standard technology framework for creating and authenticating user identities, then using Web services to share that identity within a company or with customers or business partners. Proponents say the specification would let companies using different security schemes do business securely, which would help facilitate e-commerce transactions: for example, when a user moves from an employee Web portal offering access to a health maintenance organization to one offering access to retirement account information.
"WS-Federation overlaps with functionality promised in SAML 2.0 and the Liberty Alliance specifications," said Sarvega's Juneja. "The good news here is that both specifications are still evolving based on the demands of the marketplace, so there will be some convergence."
Liberty Alliance. The Liberty Alliance Project is a consortium of more than 150 companies and nonprofit and government organizations from around the globe. Liberty Alliance is committed to developing an open standard for federated network identity that supports all current and emerging network devices. Key members include Sun, HP, Nokia, Intel, General Motors, and Novell.
A variety of companies use the Liberty ID-WSF specification, and some vendors and products have earned the right to display the Liberty Interoperable logo by passing a series of interoperability tests. With the Nokia WAP Gateway, for example, mobile phones can use Liberty Single Sign-On and Authentication by functioning as a Liberty-enabled proxy that provides access to external identity providers. General Motors is incorporating federated identity management and Liberty specifications within MySocrates, the employee intranet. America Online uses Liberty specifications to extend access to AOL's Internet broadcasting service, Radio@AOL, beyond the computer and into any room with a TV or stereo.
Federated identity allows users to link identity information between accounts without centrally storing personal information. Users can control when and how their accounts and attributes are linked and shared between domains and service providers, giving them greater control over their personal data. In practice, this means that users can be authenticated by one company or Web site and be recognized and delivered personal content and services in other locations without having to reauthenticate or sign on with a separate username and password. This provides a framework that helps large corporations interact with business partners and customers without re-entering credentials.
For example, Company A has several inventory and production applications within its portal and wants the employees of Company B to access these applications. Without a federated identity, A must manage the credentials, profiles, and logins of each employee from B. Federated identity allows employees from B to access A's applications without the burden of managing the identities. An employee who no longer works for B will be locked out of A's applications immediately without any identity management from A.
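The Company A and Company B scenario above as a runnable sketch, added here and not taken from any Liberty or SAML implementation: an HMAC-signed JSON assertion stands in for a signed SAML assertion, and the host names, key and 300-second lifetime are assumptions. A keeps no accounts for B's employees; once B deprovisions someone, no new assertions are issued, and any assertion already issued stops working at its expiry.

```python
import base64, hashlib, hmac, json

# Constructed values: a real SAML deployment uses XML signatures made with the
# identity provider's key; a shared HMAC key stands in for that trust here.
TRUST_KEY = b"constructed-demo-key"
ISSUER, AUDIENCE = "idp.company-b.example", "portal.company-a.example"
LIFETIME = 300  # seconds an assertion stays valid (assumed)

class CompanyBIdP:
    """Company B authenticates its own employees and owns their lifecycle."""
    def __init__(self, employees):
        self.active = set(employees)

    def deprovision(self, user):
        self.active.discard(user)

    def issue(self, user, now):
        if user not in self.active:
            return None  # former employees get no new assertions
        claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": user,
                  "exp": now + LIFETIME}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        sig = hmac.new(TRUST_KEY, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + sig

def company_a_accepts(assertion, now):
    """Company A's check: no local accounts for B, only assertion validation."""
    if not assertion or "." not in assertion:
        return None
    body, sig = assertion.rsplit(".", 1)
    expected = hmac.new(TRUST_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # forged or tampered assertion
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["iss"] != ISSUER or claims["aud"] != AUDIENCE:
        return None  # wrong partner, or meant for another service
    if now >= claims["exp"]:
        return None  # expired: the user must return to B's identity provider
    return claims["sub"]
```

Keeping the assertion lifetime short bounds how long a departed employee's last assertion remains usable at A.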
Sun and several other companies developed the Liberty Alliance Project's Web services security specification, portions of which were submitted to the OASIS Security Services Technical Committee in connection with work on the OASIS SAML 2.0 Committee draft. According to Patrick Gannon, president and CEO of OASIS, the specification is expected to be submitted to OASIS members for approval as a standard at the end of 2004. Gannon said the committee has also used this material to add features to SAML that provide some interoperability with the Liberty specifications.
"Liberty retains its separate existence as a project and organization, and OASIS members have indicated that they expect SAML to be compatible with multiple methods of identity management, not just Liberty," Gannon said.