XML Drives ID Management Systems

Those implementing services must master the standard.

Once you get past all the politics and hype over competing identification management efforts, one fact is pretty clear: Underneath it all, these systems are very similar.

The main technology driving all Web services identification management efforts—as well as enterprise-based single-sign-on and ID management systems—is the XML standard.

XML is the default method by which Web services and applications are developed and the means by which services share data with partners. And all the key Web services technologies—including Simple Object Access Protocol and Web Services Description Language—are themselves based on XML.

Any business pursuing Web services should have a deep understanding of XML and all current and forthcoming standards related to it.

Speaking of forthcoming standards, one that is soon to be final and clearly the leading option for handling authentication and single sign-on for Web services is SAML (Security Assertion Markup Language).

SAML combines most of the previous work on XML-based authentication for Web services into a technology that can be used for user log-ins and automated machine-to-machine authentication. Because SAML is XML-based, it should be easy to develop for and should integrate easily with any Web service.

However, Web services based on early versions of SAML will be incompatible with the final version, and Microsoft Corp., among other key vendors in the Web services area, is not on board. Both of these issues could impede the acceptance of SAML.

If all authentication schemes used open standards and all businesses developed Web services using XML and script-based tools, the world would be a very interoperable space.

However, Microsoft has already gone at least partly proprietary with its Passport system, and differences among authentication systems will likely continue for some time. This will force many businesses to build infrastructures that can support multiple authentication methodologies.

The Liberty Alliance, led by Sun Microsystems Inc., promises more interoperability, but technical details about the system are in short supply right now.

However, given that Sun is one of the backers of SAML, there is a good chance that the Liberty Alliance solution will make heavy use of SAML and other open standards.

East Coast Technical Director Jim Rapoza can be reached at jim_rapoza@ziffdavis.com.