Software // Enterprise Applications
07:44 PM

SAML: New Identity-Sharing Standard Builds On Trust

SAML lets Southwest mechanics log on to Boeing's portal and access electronic versions of repair manuals using the same logon information they use when signing on to Southwest's systems.

Southwest Airlines Co. and Boeing Co. are flying together in an ambitious Web initiative to give Southwest mechanics easier access to Boeing's electronic aircraft maintenance documentation. In the process, they're providing one of the first real-world tests of the new Security Assertion Markup Language to pass identity and access information from one company to another.

SAML lets Southwest mechanics log on to Boeing's portal and access electronic versions of repair manuals using the same logon information they use when signing on to Southwest's systems. That could offer a blueprint for business-to-business single-sign-on initiatives.

To keep its fleet of more than 380 Boeing 737s flight-ready, many of Southwest's 1,300 mechanics need to access Boeing's technical documents, which are available through the aircraft maker's Web portal, MyBoeingFleet. But Boeing wanted each Southwest mechanic to remember a separate user name and password to access the documentation. Barry Smithley, manager of maintenance programs for Southwest, worried that mechanics would forget the passwords. "The documents had to be easy to access," he says.

Last year, Southwest began deploying NetPoint, an identity-management application from security vendor Oblix Inc., for internal employees to log on. Because NetPoint and Boeing's systems support SAML, Brian Buege, Southwest's manager of applications frameworks, says the companies saw a way to bypass the separate logon IDs and passwords. "What we were going to do is build upon the implicit trust that has existed between our organizations for a long time," he says. "For Boeing to agree that it would accept that people logging in from our domain are who we say they are is a big statement of trust on their part."

Boeing, Southwest, and Oblix began deploying the system, which now supports 300 mechanics, several months ago. When they log on to the Southwest site using their Southwest credentials, users get encrypted, SAML-ready cookies. When mechanics need to access Boeing documentation, they click on links in Southwest's portal. Then a digitally signed SAML "assertion," which contains data about the mechanic and what he or she can access, is created. The assertion is sent to and vetted by Boeing's system for access to the requested manuals.

For Southwest, it's less likely that a repair will be delayed because of forgotten passwords. Says Smithley: "That's a sad excuse for not getting an airplane to the gate on time."

Return to main story, No Time To Relax

Illustration by Richard Downs

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest August 03, 2015
The networking industry agrees that software-defined networking is the way of the future. So where are all the deployments? We take a look at where SDN is being deployed and what's getting in the way of deployments.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Everyone wants a well-educated, successful workforce but just how do you get one? And what, precisely, do you think you can do with it? To answer those and other questions, George Colombo had a conversation with Elliott Masie, head of The MASIE Center, a Saratoga Springs, NY think tank focused on how organizations can support learning and knowledge within the workforce.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.