Vendors are beginning to back the Liberty Alliance's identity specification. The alliance, a consortium that works on standards for federated identity, has announced that products from several major companies have passed recent interoperability tests.
The Liberty Alliance promotes SAML (Security Assertion Markup Language) 2.0, a web services and federated identity specification. Earlier this month in Tokyo, several vendors - including IBM, NEC and NTT - submitted products and services for anonymous testing and conformance with SAML 2.0, the organisation said.
Federated identity means allowing access to information between different organisations using secured networks. One such feature is single sign-on (SSO), in which the entry of a single user name and password can be used to access several linked websites.
A standard specification allows for different hardware to exchange security data to verify the person who requests it. While some major enterprises are using SSO, widespread adoption has been somewhat hampered by concerns over liability when part of the network fails.
Roger Sullivan, a Liberty board member and vice president of business development for Oracle's identity management solutions, said the passing of those products shows that SAML 2.0 is becoming a "de facto standard" and is gaining momentum for organisations seeking to federate identities.
"You've got to be open," Sullivan said. "You've got to be standards compliant."
Another set of protocols for web services and federated identity, WS-Federation, is supported prominently by Microsoft. Some vendors, such as IBM are providing support for both WS-Federation and SAML 2.0. IBM's Tivoli Federated Identity Manager supports SAML 2.0, as demonstrated in the Tokyo tests, as well as several WS-Federation protocols.
Oracle in general supports using standards for federated identity and also supports WS-Federation, Sullivan said. But its customers are preferring SAML 2.0, Sullivan said. "We are going to build what our customers want," he said.