SAML: New Identity-Sharing Standard Builds On Trust - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
07:44 PM

SAML: New Identity-Sharing Standard Builds On Trust

SAML lets Southwest mechanics log on to Boeing's portal and access electronic versions of repair manuals using the same logon information they use when signing on to Southwest's systems.

Southwest Airlines Co. and Boeing Co. are flying together in an ambitious Web initiative to give Southwest mechanics easier access to Boeing's electronic aircraft maintenance documentation. In the process, they're providing one of the first real-world tests of the new Security Assertion Markup Language to pass identity and access information from one company to another.

SAML lets Southwest mechanics log on to Boeing's portal and access electronic versions of repair manuals using the same logon information they use when signing on to Southwest's systems. That could offer a blueprint for business-to-business single-sign-on initiatives.

To keep its fleet of more than 380 Boeing 737s flight-ready, many of Southwest's 1,300 mechanics need to access Boeing's technical documents, which are available through the aircraft maker's Web portal, MyBoeingFleet. But Boeing wanted each Southwest mechanic to remember a separate user name and password to access the documentation. Barry Smithley, manager of maintenance programs for Southwest, worried that mechanics would forget the passwords. "The documents had to be easy to access," he says.

Last year, Southwest began deploying NetPoint, an identity-management application from security vendor Oblix Inc., for internal employees to log on. Because NetPoint and Boeing's systems support SAML, Brian Buege, Southwest's manager of applications frameworks, says the companies saw a way to bypass the separate logon IDs and passwords. "What we were going to do is build upon the implicit trust that has existed between our organizations for a long time," he says. "For Boeing to agree that it would accept that people logging in from our domain are who we say they are is a big statement of trust on their part."

Boeing, Southwest, and Oblix began deploying the system, which now supports 300 mechanics, several months ago. When they log on to the Southwest site using their Southwest credentials, users get encrypted, SAML-ready cookies. When mechanics need to access Boeing documentation, they click on links in Southwest's portal. Then a digitally signed SAML "assertion," which contains data about the mechanic and what he or she can access, is created. The assertion is sent to and vetted by Boeing's system for access to the requested manuals.

For Southwest, it's less likely that a repair will be delayed because of forgotten passwords. Says Smithley: "That's a sad excuse for not getting an airplane to the gate on time."

Return to main story, No Time To Relax

Illustration by Richard Downs

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

How CIO Roles Will Change: The Future of Work
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2021
A Strategy to Aid Underserved Communities and Fill Tech Jobs
Joao-Pierre S. Ruth, Senior Writer,  7/9/2021
10 Ways AI and ML Are Evolving
Lisa Morgan, Freelance Writer,  6/28/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll