Liberty Alliance releases second version of Web ID spec

Source: Liberty Alliance

Liberty Alliance, the global consortium for open federated identity standards and identity-based Web services, today announced the public draft release of ID-WSF 2.0, a second-generation framework for identity-based Web services.

The publicly available framework has been extended to include support for SAML 2.0, specifically defining how SAML 2.0 assertions can be used to communicate identity information among identity-based Web services. Today's news reflects the ongoing cooperation Liberty Alliance maintains with OASIS and other global standards organisations, integrating recognised open standards into Liberty specifications and helping to drive convergence of identity specifications. As developers increasingly migrate to SAML 2.0, they can now, or at any time in the future, implement ID-WSF specifications to more easily and securely manage interoperable identity-based Web services.

"Successful identity management has become a critical factor in application development and the necessary foundation for deploying all Web services," said George Goodman, president of Liberty Alliance's management board and director of Intel's Visualization and Trust Lab. "These specifications provide a blueprint for driving convergence between federated identity and Web services specifications, a necessary step to complete interoperability."

Gerry Gebel, senior analyst with Burton Group, added, "SAML 2.0 is a significant convergence point in the evolution of federation standards. It's important that vendors and other organisations involved in the standards development process provide a clear roadmap to support this latest version of SAML."

A Phased Approach Supports Rapid Deployment

Today's news is part of a Liberty Alliance roadmap for WSF 2.0 specifications that are being released in phases to accommodate rapid industry deployment. The first phase is focused on SAML 2.0 support. The second and third phase, which are expected to be completed in full by the end of 2005, include several significant new features, designed to give implementers even greater depth of functionality including the capability to leverage custom Web services, as well as those being developed in the services groups within Liberty Alliance.

The specifications are based on guidance from Liberty's market requirements process, to which Liberty members contribute their use cases. Specific enhancements include:

  • Subscription/Notification: Permits Web service consumers to subscribe to automatic notices of changes from the Web services provider, automating the process and delivering benefit of ease and control to the end users
  • Groups: Offers support for those scenarios in which membership in a group (e.g. a soccer team, senior managers, etc) drives/impacts the consumers' online interactions, allowing implementers to deliver enhanced services to end users
  • Principal Referencing: Allows users to create and maintain a list of those friends/colleagues with whom they wish to interact online (e.g. viewing photos, finding the location, sharing contact book info, etc), opening up significant new opportunities to personalize services and allow end users to easily customize their Web experience
  • Intelligent Client: Defines/profiles identity management mechanisms where the user device has enhanced capabilities, available if the device is on or offline, allowing Web services across a variety of devices and interoperability across systems, expanding the opportunity for additional types of strong authentication mechanisms, smart cards, SIM devices, etc.

History of the Liberty Alliance and Web Services

The Web services specification, first introduced in April 2003, is already in use at many organisations across the globe. The first interoperability compliance testing on the specification was completed in October 2004, at which time several companies illustrated support and compliance, including Hewlett-Packard, Nokia, Novell, NTT, Sun Microsystems and Trustgenix.

According to the 2004 Enterprise Web Services Survey by The Yankee Group, Web services adoption is still early in its lifecycle. Although 48 percent of the companies surveyed have already deployed Web services, 39 percent say they will be deploying Web services sometime within the next 12 months. For the majority of these Web services, identity will play a critical role.

Liberty's architecture provides a standardised identity layer on which such services can be built, assuring interoperability and flexibility for implementers, both inside and outside of corporate boundaries, as well as ease-of-use and a rich range of options for end users.

"Federation is the organising principle for Web services and the market clearly understands that relationship," said Goodman. "By driving the leading specifications in both federation, with our work with OASIS, and Web services, Liberty is once again demonstrating its vision and authority within the identity marketplace, and showing commitment to focusing on convergence whenever and wherever possible."

Comments: (0)