Led by Microsoft Corp. and IBM, a group of companies Tuesday plans to announce a new Web services specification for handling security in Web services environments.
At the Burton Group Inc.'s Catalyst conference in San Francisco, IBM, Microsoft, BEA Systems Inc., RSA Security Inc. and VeriSign Inc. will announce the publication of the WS-Federation specification, another in a series of standards IBM and Microsoft outlined in the Web services security roadmap they co-authored last year.
Karla Norsworthy, director of e-business technology at IBM, said WS-Federation enables developers to manage trust relationships across enterprises that use different types of security solutions.
“We're announcing the crown jewel of the Web services security roadmap, the Web services federation specification,” Norsworthy said. “That allows you to take companies or parts of companies with very different security solutions and different trust domains… Such as one might use Kerberos and one might use user ID and password. And you can make it really easy to allow a new user who is authenticated by one domain to be able to do business across a variety of companies and their Web services without requiring either the end user to re-authenticate or requiring a lot of bureaucracy from the participating companies. So these specifications are solutions that hold together Web services security [WS-Security], Trust [WS-Trust], the security part of Policy [WS-Policy] into allowing this kind of federation so that our clients can do successful business process integration and have the security part come easy.”
Steven VanRoekel, director of Web services at Microsoft, said, “From a Microsoft perspective, this is the technology that will enable TrustBridge.” TrustBridge is Microsoft's upcoming technology that will allow organizations to share user identities across business boundaries, the company said.
“WS-Federation is built to be extensible to utilize any broad range of identification mechanisms, like Passport, like SAML [Security Assertion Markup Language] or like anything else in between,” VanRoekel said.
Meanwhile IBM will integrate WS-Federation into its WebSphere and Tivoli product lines, Norsworthy said.
In addition to the new specification, Microsoft and IBM will be demonstrating the specification's capabilities by showing two systems exchanging federated identity information across each distinct system. The example is an automotive system that involves a car dealer, an auto manufacturer and a parts dealer, Norsworthy said.
WS-Federation “is the piece that really enables you to see how what we set up with Trust and what we set up with Web Services Security and with the security part of Policy can all work together to allow customers to configure solutions that really allow them to have unlike security systems and have them interoperate,” Norsworthy said.
Added VanRoekel: “This is kind of a hallmark in that it's a real burden that affects businesses in trying to really enable Web services to work outside the corporate boundaries is that this user information, identity information, wasn't really exchangeable in any sort of good way. So getting the real vision of Web services and heterogeneous computing, where you can have different disparate systems talking to each other… You really can't enable the advanced scenarios unless you have this technology. So I think we've reached a pretty major milestone here in delivering it.”