
New Liberty Alliance president: Open specs work

George Goodman, the director of Intel's Visualization and Trust Lab, was recently elected the new president of the Liberty Alliance Project's management board. The Liberty Alliance Project is an organization working to create open standards and business guidelines for federated identity management and Web services. The alliance has recently added some big names to its list of members -- IBM, Intel and Oracle signed up last year -- and has progressed significantly on many fronts since its founding in 2001. In this interview, Goodman looks at some of the alliance's milestones, including work done on the Identity Federation Framework (ID-FF), which has been broadly used in real world implementations. He looks at Liberty's "conformance approach," which allows adopting organizations to determine a product's compliance with the Liberty specs, and also discusses the integration of the ID-FF into the much broader SAML (Security Assertion Markup Language) 2.0 release, coming out in early 2005.

What are your goals this year as president of the Liberty Alliance?
I want to help the management board define the alliance's vision looking forward. The alliance has been quite successful, certainly before the time Intel joined [in July 2004]. It has been successful in defining identity standards from a specifications point of view, as well as spearheading the idea of creating guidelines for helping roll out the identity federation, as we call them, 'circles of trust'.

What I want to see the alliance do this year is address what's important for us to do beyond what we've done in the Federation Framework, which is now incorporated into SAML 2.0. What's going to be important for us to do [is] to enable our adopting efforts in other organizations in the world, to not only achieve identity federation, but then build useful services on top of it.

How do the Liberty Web services security specs relate to the WS-* specifications?
Liberty also has an ID-WSF [Identity Web Services Framework], which some people view as potentially being competitive with the WS-* work. One of my goals as president of the alliance is to help us find ways to move toward convergence so that we don't have duplication between multiple Web services standards, but instead we take advantage of the strong points of each other's specification work.

Having IBM aboard [IBM joined in October 2004] is a hopeful sign for me because they certainly aren't giving up on WS-*. They have joined the alliance, and I'm looking forward to further discussions on how we can move toward a more converged set of standards among the efforts.



Is the existence of competing specifications the biggest threat to widespread Web services adoption and implementation? Do you communicate with competing groups, and what steps are you taking to avoid this overlap?
I do think that it will slow down adoption of Web services. There are going to be organizations that make the move to a service-oriented architecture regardless; however, the harder you make it for someone, the less likely it is that you'll have a larger number of people adopting. If you have too many choices, you're going to have people standing in the aisle, waiting until somebody makes a choice for them.

When Intel joined the alliance, we wanted to make sure, going forward, that the federation standards comprised very robust, capable platforms, as well as very simple, client platforms.

Liberty is a collection of companies and some of our large adopter companies are large customers of Microsoft or IBM, for instance. They have been encouraging in the alliance, as well as in their discussions with the vendors -- Microsoft, IBM or others -- that we work toward a more coordinated and smaller set of standards.

EBay recently retired its support for Microsoft Passport, which represents a significant downsizing of the Passport network. Does this represent a victory for open standards and the industry-backed Liberty Alliance?
I can't speak to a whole lot of the history through personal experience. I think that the rivalry between Passport and Liberty federation standards has certainly been kept warm by some of the technical media. Yes, there are developers who look at it that way, but the alliance is a lot more than just the single sign-on stuff and the alliance was working on standards; Passport was a service. Microsoft makes its own decisions with regard to businesses they'll pursue, and Passport is a business [for Microsoft].

In my view, Liberty, as well as Microsoft and others associated with Microsoft, and others that work with them in the WS-* efforts, clearly support identity management. I think there are plenty of opportunities to still converge and produce the number of different standards that need to be supported in the world. But I don't see any change in Microsoft's direction on Passport, as being a direct reflection, one way or the other, on Liberty.

Why has Microsoft been reluctant to join the Liberty Alliance?
I'm not Bill Gates or Steve Ballmer, so I can't really speak for them. I know that as operating systems providers, they are very interested in maintaining control of the things they see as important to their operating system.

I know that one of their views is that the best way the specification process works for them is when they have a great deal of control over it themselves, perhaps along with a small number of other companies, and that's the approach they've taken with the WS-* standards.

Liberty has taken more of an open approach in whom we sign up as a sponsor. I've even heard the arguments that Microsoft makes its sign-up [under the philosophy] that you should be able to make faster progress if you keep greater control over the process for defining [the specifications].

On the other hand, I look at the success of the Liberty Alliance -- creating [and updating] the federation framework, integrating it into SAML 2.0 and supporting our members, as well as non-members, in doing implementations -- and it seems to me that our open specification process has worked pretty well.

Can you talk a bit about SAML 2.0 and where it stands in terms of official ratification?
Goodman: SAML 2.0 is not actually complete and signed off on. They were targeting it at the end of 2004 or at the beginning of 2005. It is within weeks [of ratification].

SAML is bigger than identity federation [the specification unifies Liberty's federation work with single sign-on established in version 1.0]. It had previously been a separate set of profiles and specifications that rode alongside SAML. So people would basically, by reference, pick up IDF 1.1, for instance, from Liberty and they would take that specification and make use of SAML 1.0 or 1.5. And now they travel together so that makes it easier for people to adopt the both of them.

Liberty shipped Web services specifications in 2003 and several member organizations have implemented projects based on these specifications. Can you describe some of these case studies and why certain verticals might be interested in them?
You will see a set of case studies coming out here in the first half [of 2005]. I'll point to one that was quite public, announced close to last September, which was a rollout of a federated identity system by the French government, in cooperation with France Telecom, and based on an IBM product, prior to IBM joining the alliance. So I would point to that and ask that people look forward to the case studies that we will have coming out in the first half.

What's the goal of these case studies?
Goodman: I would hope that companies would look at these as demonstrative of what can be accomplished. They will document best-known practices for the adoption and rollout of federated identity systems. And, given that they are case studies, one of the things that I think they will show specifically within the vertical or industry focus of the organization is how this can be helpful in the running of their daily business or services, in the case of the government.
