News Stay informed about the latest enterprise technology news and product updates.

SAML declares victory, closes in on a billion IDs

The Liberty Alliance estimates that it will issue more than one billion SAML federated identities before the end of the year and now claims it has become the de facto identity management standard for Web services.

By the end of this year, there will be one billion identities and devices using the SAML 2.0-based Liberty identity standards, according to the Liberty Alliance.

 So if you talk about Liberty versus Passport, Liberty clearly won.
Randy Heffner
Vice PresidentForrester Research, Inc.

Liberty Federation, which consists of the open ID-FF (Identity Federation Framework) 1.1, 1.2 and SAML (Security Assertions Markup Language) 2.0 specifications, is now the de facto identity standard for architects and developers working on SOA and Web services applications, says Roger Sullivan, vice president of the Liberty Alliance management board and vice president of business development for Oracle Corp.'s identity management products. He argues that competing standards, such as WS-Federation, have failed to gain market traction because little of it is open source and thus it lost the battle.

"Effectively the war is over," Sullivan says. "For developers the identity management infrastructure is now in place for innovative applications."

However, Randy Heffner, a vice president with Forrester Research, Inc., isn't so sure we have reached peace in our time in the Web services standards wars. However, he does credit Liberty Federation with trumping the as yet largely unrealized WS-Federation vision of Microsoft in its Passport product. Since IBM joined Liberty this past year, Microsoft is the lone giant that has refused to join the Alliance, the analyst says. Microsoft still clings to the idea that it will come up with something someday, he notes, but it hasn't happened yet. "So if you talk about Liberty versus Passport," Heffner says, "Liberty clearly won."

Sullivan argues that Web services application developers want open standards and it was the lack of openness that doomed the original Microsoft Passport. Openness is the reason Liberty Federation has achieved what he terms "viral" growth leading to the one-billion projection, Sullivan argues.

He acknowledges that the one billion figure does include double touches, duplications where the same person with the standard implemented on their cell phone and wireless notebook would count as two. So there will not yet be a billion users at the end of the year, but anticipating continued viral growth, Sullivan does not think it will take long now that the tipping point has been reached for the number of actual human users to hit the billion mark.

Gerry Gebel, senior analyst with the Burton Group, calls the one billion projection "a very important number." He says, "It's definitely a significant number and a concrete sign of maturity for the standards." He says Burton is seeing strong interest in federation from its clients based on the Liberty standards and the confidence developers have in the latest SAML standard.

Describing himself as "bullish" on Liberty Federation, Sullivan predicts that as its implementation continues to grow exponentially it may create a global economic boom similar to the one the was the unexpected consequence of overbuilding fiber optic cable during the dot-com heyday. The resulting inexpensive long distance connectivity brought workers in India, for example, into the global economy staffing call centers and IT support organizations.

The ability to build Web services applications based on a standard for a billion or more authenticated users all over the world could produce another boom, Sullivan argues.

Again Heffner is more cautious about the future saying that standards for Web services development have yet to be worked out, but he believes the Liberty standard and especially ID-FF is something architects and developers can include in "reasonable planning."

"ID-FF is a safe bet," the Forester analyst says. "You'll get support for it. There will be products that work with it."

As developers begin to work with Liberty Federation, Sullivan envisions the first enterprise-level products will come in the financial services, manufacturing and government sectors. For example, a manager walking through an airport will be able to update an inventory database from a cell phone.

For more information

Check out our XML Security Learning Guide

Learn more at our sister site,

"The technology to do that is in place today," Sullivan says.

Sarbanes-Oxley compliance, an area where business and government applications intersect is "all about authentication," he says. This will be a major use of the standard not only in the U.S., but also in Japan where a similar law is set to go into effect.

On the consumer side, he points to America Online as an early adopter. It is using Liberty Federation for its Radio AOL services providing online radio stations and music downloads to its subscribers.

For those who want to follow further developments in the Liberty Federation story, the alliance also announced that it has started a news site, including with information on deployments, vertical segments and product descriptions, at.

Dig Deeper on Topics Archive

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.