SAML: New Identity-Sharing Standard Builds On Trust - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
7/24/2003
07:44 PM
50%
50%
RELATED EVENTS
Data Tells: Dissecting Every Day Data
May 31, 2017
Join us as the author of the book "Everydata: The Misinformation Hidden in the Little Data You Con ...Read More>>

SAML: New Identity-Sharing Standard Builds On Trust

SAML lets Southwest mechanics log on to Boeing's portal and access electronic versions of repair manuals using the same logon information they use when signing on to Southwest's systems.

Southwest Airlines Co. and Boeing Co. are flying together in an ambitious Web initiative to give Southwest mechanics easier access to Boeing's electronic aircraft maintenance documentation. In the process, they're providing one of the first real-world tests of the new Security Assertion Markup Language to pass identity and access information from one company to another.

SAML lets Southwest mechanics log on to Boeing's portal and access electronic versions of repair manuals using the same logon information they use when signing on to Southwest's systems. That could offer a blueprint for business-to-business single-sign-on initiatives.

To keep its fleet of more than 380 Boeing 737s flight-ready, many of Southwest's 1,300 mechanics need to access Boeing's technical documents, which are available through the aircraft maker's Web portal, MyBoeingFleet. But Boeing wanted each Southwest mechanic to remember a separate user name and password to access the documentation. Barry Smithley, manager of maintenance programs for Southwest, worried that mechanics would forget the passwords. "The documents had to be easy to access," he says.

Last year, Southwest began deploying NetPoint, an identity-management application from security vendor Oblix Inc., for internal employees to log on. Because NetPoint and Boeing's systems support SAML, Brian Buege, Southwest's manager of applications frameworks, says the companies saw a way to bypass the separate logon IDs and passwords. "What we were going to do is build upon the implicit trust that has existed between our organizations for a long time," he says. "For Boeing to agree that it would accept that people logging in from our domain are who we say they are is a big statement of trust on their part."

Boeing, Southwest, and Oblix began deploying the system, which now supports 300 mechanics, several months ago. When they log on to the Southwest site using their Southwest credentials, users get encrypted, SAML-ready cookies. When mechanics need to access Boeing documentation, they click on links in Southwest's portal. Then a digitally signed SAML "assertion," which contains data about the mechanic and what he or she can access, is created. The assertion is sent to and vetted by Boeing's system for access to the requested manuals.

For Southwest, it's less likely that a repair will be delayed because of forgotten passwords. Says Smithley: "That's a sad excuse for not getting an airplane to the gate on time."

Return to main story, No Time To Relax

Illustration by Richard Downs

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of Data and Analytics
Today's companies are differentiating themselves using data analytics, but the journey requires adjustments to people, processes, technology, and culture. 
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll