Interoperability is the most significant challenge to any enterprise contemplating building an identity management infrastructure. As a result, there are a number of standards bodies working to build a common foundation in some of the areas of digital identity management that we’ve already discussed, including:
Integrity and non-repudiation
Authentication and authorization
Representing and managing authorization policy
This chapter briefly describes the problem domains and some of the standards being developed to address them. The idea is not to provide detailed tutorials on any standard, but rather to familiarize you with the ideas, concepts, and working models behind them.
This chapter will discuss several specific standards in these problem domains, including SAML, SPML, and XACML. Of these, SAML has wide industry adoption and the standard is well developed. The other two are not as widely supported. SPML has some adoption, but the standard is still undergoing transition and improvement. I’m not convinced that XACML, as it is defined now, will ever be widely adopted.
Why discuss standards that aren’t fully baked? Simply because such standards represent a class that fits a problem domain. If XACML doesn’t make it, something like it will. In Chapter 5, we discussed the digital identity management lifecycle. Figure 11-1 shows the lifecycle annotated with the name of a standard ...