IBM, Microsoft, BEA Systems, RSA Security and VeriSign have introduced WS-Federation, a specification designed to federate identities across corporate boundaries. What makes this plan so puzzling is that RSA, BEA and VeriSign are also members of the Liberty Alliance, the organization that introduced federation--which lets a user's authenticated identity be shared across multiple domains--two years ago.
The Liberty Alliance has traction, with at least 20 shipping products and 14 more on the way that support Phase I of the Liberty spec. Indeed, the quotes from IBM and Microsoft spokespeople describing WS-Federation's purpose could have been taken directly from Liberty Alliance white papers.
This means we have, yet again, two standards addressing the same issue. But will WS-Federation destroy Liberty Alliance? Not likely. Britta Glade, vice chairman of Liberty's Business and Marketing Expert Group, is glad to see more focus on the federation of identities and says the Liberty specification is strong because of its policy of embracing existing specifications rather than reinventing the wheel. But the problem is not one of integrating an existing--or even new--specification. Rather, WS-Federation and Liberty are both designed to solve the same problem, but in different ways.
So they'll need to interoperate. Eric Nolin, a spokesman for PingID and a member of Liberty Alliance, says there are "no technological hurdles to interoperability" between WS-Federation and the Liberty because "the stacks are still the same. We're all still talking the same language."
That may be true, but there will be hurdles to overcome, as there are with any nascent standard that hasn't yet been implemented. And because WS-Federation is influenced heavily by Microsoft--a company notorious for its desire to embrace and extend technology to fit its agenda--interoperability between the two specifications will remain a question mark.