Eight vendors got the Liberty Alliance's SAML 2.0 stamp of approval after their products passed a rigorous round of compatibility testing last month. This means a growing list of choices for companies looking to adopt federated identity management technology, according to Roger Sullivan, vice president of Oracle's Identity Management Solutions division and chairman of Liberty Alliance's Conformance Expert Group.
"This marks a significant advancement for organizations looking to deploy open identity solutions based on SAML 2.0 specifications," Sullivan said. "As organizations increasingly migrate to SAML 2.0 technologies, they can count on products that have passed Liberty's interoperability testing for faster and more successful deployments."
This was the first time Liberty Alliance -- a global consortium of vendors and users working to develop open federated identity standards for Web services -- tested products specifically for Security Assertion Markup Language (SAML) 2.0 compatibility. SAML 2.0 passed a series of interoperability tests and was ratified by the Organization for the Advancement of Structured Information Standards (OASIS) earlier this year. On its Web site, OASIS said SAML 2.0 "adds key functions to create and manage federated networks that combine and appropriately share pre-existing repositories of identity information."
Liberty Alliance conducted the testing in Piscataway, N.J., July 25-29 and gave passing marks for SAML 2.0 interoperability to the South Korean Electronics & Telecommunications Research Institute, Stockholm-based Ericsson; Waltham, Mass.-based Novell; Redwood Shores, Calif.-based Oracle; Belmont, Calif.-based Reactivity; Santa Clara, Calif.-based Sun Microsystems; Chicago-based Symlabs; and Santa Clara, Calif.-based Trustgenix Inc.
"These vendors were exceptionally well prepared," Sullivan said. "They brought ready products to the table that ran smoothly throughout the testing. Nobody failed." He said the next round of testing is planned for November in Tokyo.
Making the grade
As part of the testing, companies had to demonstrate interoperability with at least two other randomly selected participants. "The program requires repeated operation of the Liberty specifications' core features in many combinations and sequences and in different roles and contexts common to real-world deployments," the alliance said on its Web site.
The following products passed:
- The Electronics & Telecommunications Research Institute's ETRI SAML 2.0 Toolkit, a Web SSO library with federated identity capabilities.
- Ericsson User Session and Identity Server (USIS), which provides federated identity framework infrastructure for telecom operator services.
- Novell Identity Provider, a component of Access Manager, to be released in early 2006. It will provide customers with access management based on federation for both Web and enterprise applications.
- Oracle Identity Management, an identity and access management infrastructure solution designed to safeguard information, critical systems and applications against unauthorized access.
- Reactivity XML Gateways, designed to secure, manage and optimize XML traffic with federated identity capabilities.
- Sun Microsystems' Sun Java System Access Manager and Sun Java System Federation Manager 7.0
- Symlabs SLIM version 2.9 Federated Identity Management product
- Trustgenix IdentityBridge, an enterprise and carrier-grade federated identity management software application.
The Liberty Alliance Web site has additional details on the passing companies and products.
Breaking the federated log jam
Skeptics of federated identity management say the technology is too young for widespread use; that countless legacy applications would have to be adjusted for everything to work right. Advocates believe it's is the best way to securely authenticate users and prevent online thieves from impersonating others while they commit cybercrimes. With the development of standards like SAML 2.0, they believe the technology's time has come.
"People know SAML 2.0 has been around the corner, so they've held back from federating with new clients," Sullivan said back in April, when the July testing was announced. "But with this testing, you're going to see that logjam break free, because it will pave the way for more products that incorporate the standard."
Jahan Moreh -- a member of OASIS' Security Services Technical Committee, which has overseen development of SAML 2.0 -- has called Liberty Alliance's testing program an example of the two organizations working together to advance federated identity management.