Microsoft ends standoff against SAML 2.0

Microsoft's federated identity platform passed its first SAML 2.0 interoperability test; the company previously shunned the protocol for WS-Federation

Microsoft's federated identity platform passed its first SAML 2.0 interoperability test with favorable marks, signaling the end to the vendor's standoff against the protocol.

The eight-week multivendor interoperability workout conducted by the Liberty Alliance and the Kantara Initiative also resulted in passing marks for two other first-time entrants -- SAP and Siemens. Return testers Entrust, IBM, Novell, and Ping Identity also passed. Results were announced Wednesday.

[ Related: Microsoft's single sign-on platform was formerly named Geneva. | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

11 security companies to watch

"The Liberty Interoperable testing was a great opportunity to verify that Active Directory Federation Services (AD FS) 2.0 is interoperable with others' SAML 2.0 implementations. This should give our customers confidence that their federation deployments using ADFS will 'just work,'" says Conrad Bayer, product unit manager for federated identity at Microsoft.

In the past, Microsoft has been dismissive of the Security Assertion Markup Language (SAML), a standard protocol for exchanging authentication and authorization data between and among security checkpoints, preferring the WS-Federation and other protocols it helped develop. The company previously supported the SAML token, but never the transport profiles of the protocol.

"It is significant that Microsoft participated given their previous stance on the SAML protocol," says Gerry Gebel, an analyst with the Burton Group. "For the first product version that supports SAML, they have covered the core bases."

Microsoft's interoperability testing focused on SAML's Service Provider Lite, Identity Provider Lite and eGovernment profiles. The company says it plans to support other SAML profiles based on demand.

The interoperability event featured the largest group of participants ever for the testing, which has been run twice previously. In addition, it was the first test to include an international group to test the eGovernment SAML 2.0 profile v1.5. The test featured the United States, New Zealand and Denmark.

"The fact that we were able to put so many new implementations through a full matrix, rigorous interoperability test speaks to the maturity of the SAML 2 protocol," says Brett McDowell, executive director of the Kantara Initiative. "And it is not just implementation; there is a tremendous amount of deployments."

"Full matrix" testing means all participants must test against each other. The test was conducted over the Internet from points around the globe using real-world scenarios between service providers and identity providers as defined by the SAML 2.0 specification.