Digital Identity Standards

Digital identity federation requires a loosely coupled software architecture for automatically exchanging identity information between heterogeneous systems. Standards are essential for this process. We saw some of the foundational standards for this in Chapter 11. There are many more. Figure 12-1 shows the interrelationship among some of the various federation standards.

There are three primary groups creating standards for federation: an alliance between Microsoft and IBM, OASIS, and the Liberty Alliance.

Microsoft, IBM, and the WS-* Roadmap

In April 2002, Microsoft and IBM published a joint whitepaper outlining a roadmap for developing a set of web service security specifications. Commonly called WS-*, the specifications work in a modular fashion to build on each other to create an overall effect.[*]

The first jointly developed specification from IBM and Microsoft, WS-Security, offers a mechanism for attaching security tokens to messages, including tokens related to identity. The roadmap described in the 2002 whitepaper included other specifications that support web services.

Figure 12-1. The interrelationship among federation standards

WS-Policy is a language for describing the security policy of a particular web service. For example, WS-Security can use several different security token systems such as SAML assertions or Kerberos tickets. Using WS-Policy, ...
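To make the token-attachment idea concrete, here is an added example (not from the book) that builds a SOAP message whose WS-Security header carries two tokens of the kinds named above, extracts them, and screens them against a stand-in for the policy that WS-Policy would express declaratively. It assumes SOAP 1.1 and the OASIS WSS 1.0 namespaces; the sample envelope, the placeholder token bodies and ValueType, and the `accepted` set are constructed for illustration.

```python
"""Added example: attach and inspect WS-Security tokens on a SOAP 1.1 message."""
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample: the wsse:Security header carries a SAML assertion and a
# binary token (the container WS-Security uses for e.g. Kerberos tickets).
# Token bodies, AssertionID and ValueType are placeholders, not real values.
SAMPLE = f"""<S:Envelope xmlns:S="{SOAP}">
  <S:Header>
    <wsse:Security xmlns:wsse="{WSSE}" S:mustUnderstand="1">
      <saml:Assertion xmlns:saml="{SAML}" AssertionID="_placeholder"/>
      <wsse:BinarySecurityToken ValueType="placeholder-valuetype">PLACEHOLDER</wsse:BinarySecurityToken>
    </wsse:Security>
  </S:Header>
  <S:Body/>
</S:Envelope>"""


def security_tokens(envelope_xml):
    """Return (namespace, localname, attributes) for each token in wsse:Security."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    sec = header.find(f"{{{WSSE}}}Security") if header is not None else None
    if sec is None:
        return []  # no WS-Security header at all
    tokens = []
    for tok in sec:
        # ElementTree tags look like "{namespace}local"; split them apart.
        if tok.tag.startswith("{"):
            ns, _, local = tok.tag[1:].partition("}")
        else:
            ns, local = "", tok.tag
        tokens.append((ns, local, dict(tok.attrib)))
    return tokens


def policy_check(envelope_xml, accepted):
    """Stand-in for a WS-Policy token requirement: `accepted` is a set of
    (namespace, localname) pairs the service will take. Returns the tokens that
    satisfy it and rejects a message that carries none of them."""
    ok = [t for t in security_tokens(envelope_xml) if (t[0], t[1]) in accepted]
    if not ok:
        raise ValueError("no acceptable security token in wsse:Security header")
    return ok
```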
