With four major players in the monitoring, mobile, broadband and application security markets passing its latest round of federated identity interoperability testing, the Liberty Alliance is claiming "the big mo" for SAML 2.0.
SAML, short for Security Assertion Markup Language, had its 2.0 version ratified by OASIS in March. Liberty Alliance's goal is to make sure as many vendors as possible are able to push SAML across their product lines.
"Interoperability has become a necessity," said Roger Sullivan, vice president of business development for Oracle Corp.'s identity management solutions and chair of the Liberty Alliance Conformance Expert Group. "The very nature of federation requires at least two companies to interoperate with each other. The standard will only work if you're able to plug and play with any other access point in your network."
The four products passing the latest round of interop testing in Tokyo were IBM's Tivoli Federated Identity Manager, NEC Corp.'s Mobile Internet Platform, NTT Communication Inc.'s I-dLive identity federation tool for broadband network services and RSA Security Inc.'s Federated Identity Manager. In order to prove interoperability a product must be able to share a given SAML profile with at least two other vendors at the event.
Oracle and Sun Microsystem Inc. passed SAML 2.0 interop testing in July and currently Liberty boasts more than 70 products which have received SAML certification.
"The goal is to make this the de facto standard for federation," Sullivan said.
SAML is hardly alone in that goal. OASIS recently built a committee around a family of new security standards. While the still-developing WS-Federation specification did not enter with the rest of the group, it is expected to follow on their heels next year.
Some have speculated that the emergence of the WS-Federation could cause a standards battle at some juncture with SAML, but Sullivan called that "a lose-lose scenario."
"If the standards don't converge then the vendors will have to work with both standards," he said. "It's not going to be one or the other. It will have to be both."
Microsoft and IBM have been active in the creation of WS-Federation. While Microsoft currently has not sought out SAML certification for its products, IBM took part in this latest event and the Tivoli product now boasts SAML support in addition to support for the current form of WS-Federation.
As new Web services security standards get ratified, Sullivan vowed that SAML would "adopt, co-opt and leverage" them where possible.
"We don't want to duplicate the good work that's being done out there in the standards community," he said.