Microsoft, IBM advance Web services spec

Building on their previous efforts to create a framework for producing secure and interoperable Web services, IBM, Microsoft, and several other leading software companies on Tuesday will announce a specification intended to help corporate users simplify identity management.

The proposed WS-Federation specification features a set of Web services technologies intended to give developers a standard way of adding security capabilities to any Web service they build. The specification defines mechanisms that allow developers to manage and establish trust relationships across companies and domains using a variety of different types of security solutions, including support for federated identities, according to company officials.

"This will let companies tie their identity systems to each other in a way that lets them trade information back and forth about users and systems and then federate that data across the Internet no matter what security infrastructure they are using," said Steven VanRoekel, Microsoft's director of Web services, in Redmond, Wash.

By allowing corporate users with a variety of security solutions to interoperate, administrators can afford to authenticate a single employee just once, allowing that employee to work with Web services available from his or her company as well as those of the company's business partners.

"What this will do is provide a way for trust relationships to be established," said Carla Norsworthy, director of dynamic e-business technologies at IBM in Somers, N.Y.

"Users can carry out federate identity and not inconvenience users with remembering lots of passwords, [and] administrators can now do this on policy-based systems,'' Norsworthy said.

In April of last year IBM and Microsoft laid out a road map called "Security in a Web services World," which laid out the framework of specifications for WS-Federation. The WS-Federation specification builds on the foundation WS-Security, which includes WS-Policy, WS-Trust, and WS-SecureConversation. Working together, these specifications are intended to enable a complete model of security functions for Web services.

In a related announcement, Microsoft and IBM also are delivering a white paper entitled, "Federation of Identities in a Web Services World."  The white paper outlines the challenges associated with federated identity management as well as describes a Web services model that allows companies to issue and rely on information from other companies and domains. This new model also allows them to broker trust and attributes across domains in a more secure manner so as to maintain individual and business privacy, officials from the companies said.

IBM and Microsoft officials will be accepting feedback on the specification from across the breadth of the development community and expect to present the completed specification before industry groups deliberating on Web services such as the Web Services Interoperability (WS-I) and others "in the next several months."

During a keynote at the Burton Group's Catalyst conference in San Francisco on Tuesday, IBM will demonstrate early implementations of interoperability across IBM and Microsoft systems using WS-Federation. Norsworthy said IBM expects to deliver products based on the specification "towards the end of this year."

"I see this as the linchpin spec that explains how all the other pieces fit together. However, we still have specifications on privacy and authorization left to complete, but this one really pulls the whole picture together," Norsworthy said.

Microsoft will also show off early versions of the specification at this week's conference and will also deliver initial products that take advantage of the completed specification by the end of 2003, according to VanRoekel.