Federated identity is beginning to gain some traction among corporations, according to a survey conducted by Ping Identity, a provider of federated identity management solutions and the founding sponsor of SourceID, an open source community focused on federation efforts, such as SAML, Liberty Alliance and WS-Federation.
The survey, gleaned from nearly 100 responses by registered downloaders of SourceID, showed a strong increase of federations in production, rising from 1 percent to 7 percent between the first and second quarters of this year. Over 50 percent of those surveyed thought they would engage in between 1 and 3 federations within the next 24 months. Only 6 percent surveyed anticipated participation in more than 10 federations in the same period.
Ease-of-integration and vendor interoperability were cited as the most important characteristics of federation products, with single-sign on (SSO) amongst partners cited as the primary use case desired.
Currently, SAML 1.1 is the dominant protocol used for federation. Vendors have announced support for the Liberty Alliance Liberty ID-FF 1.1, but few are shipping in a substantial way, according to Eric Norlin, senior vice president of marketing at Ping Identity. The survey indicated that interest in SAML 2.0 and WS Federation will begin to ramp up significantly in the latter part of 2004 and continue throughout 2005.
However, even with standards like SAML 1.1, interoperability problems crop up. Developers tend to create custom extensions or modify the code in a way that requires compliance testing and tweaking every time a node is added to a federation. Liberty Alliance is attempting to fix that problem. WS-Federation, according to Norlin, is very broad in its semantics, and doesn't become interoperable until profiles are defined that ride on top of the protocol.
The recent announcement at TechEd 2004 by Microsoft about combining its Active Directory and TrustBridge federated service teams could mean that federation activity will get a boost in coming months. Active Directory Federation Service (ADFS) adds federated identity support to Active Directory via Web services, especially those using the Microsoft-endorsed WS-Security and WS-Federation specifications. The ADFS technology will be part of a Windows Server release due next year.
"It's one thing to build products that are pieces of a solution. A solution built into Active Directory drives federation into a commodity very quickly," Norlin said.
You can write to me at dan.farber@cnet.com. If you're looking for my commentaries on other IT topics, check the archives.
