ID Standards: Rivals Develop Different ApproachesID Standards: Rivals Develop Different Approaches
Think of federated identities as single sign-on on steroids. A user logs on to a company's network, and that user's electronic identity is passed on and automatically trusted by another company's network.
March 13, 2004
The benefits of standards in the identity-management market are so great that many vendors and groups are working hard to develop them. But progress has been slow in reaching the ultimate goal: federated identities.
Think of it as single sign-on on steroids. A user logs on to a network at one company, and that person's electronic identity is then automatically trusted by another organization, and that user is able to access applications and information based on a predefined access policy. To accomplish that, the industry needs "standards and agreements that make identity and entitlements portable across autonomous domains," says Dan Blum, senior VP and research director of the application platform strategies practice at the Burton Group. Technology is moving in that direction. For years, companies have installed applications to automate the creation of employee electronic identities and grant them access to apps and network services, a process known as provisioning. They've also deployed applications to let customers and business partners access appropriate apps and information over the Web. But it takes a lot of work and integration to get various identity-management apps to exchange information on how they authenticate a user so one company can understand and trust information from another company using a different identity-management application. One group working to make it easier for businesses to share trusted electronic identities is the Liberty Alliance. Founded by Sun Microsystems, the group has more than 150 members and is trying to create open standards that can be used to create federated identities. It has released the Liberty Identity Federation Framework, a set of specifications designed to enable a single-sign-on process using a federated network identity. In November, it released a standard called ID-WSF, which is designed to let groups of trusted partners share information with other trusted partners. It also provides users with control over how their electronic identity information is shared. Another group, led by IBM, Microsoft, and VeriSign, is working on formulating its own set of specifications for federated identity, including WS-Policy and WS-Federation, which work with the WS-Security standard. Blum expects the various standards eventually to merge or interoperate. "The market will demand it happen," he says. "I'm very optimistic that the industry will get there." Return to main story, The Need For Identity Management Illustration by Viktor Koen
About the Author(s)
You May Also Like