Microsoft says it won't support SAML 2.0
Microsoft Corp. will stick by the set of protocols it has picked for identity federation, a concept that includes single sign-on (SSO) for several different Web portals and secure transfers of data between partnered businesses.
Microsoft has backed WS-Federation protocols for the next generation of message-based applications because it offers a full suite of security, message and transaction protocols, said Don Schmidt, senior program manager for Microsoft's Identity and Access group. The company's stance is not about which protocol set is necessarily better but rather which offers a wider flexibility in accommodating federated identity, he said.
Schmidt gave a session Thursday on ADFS (Active Directory Federation Services), Microsoft's software for federated identity, at Microsoft's IT Forum 2005 in Barcelona.
The WS-Federation protocols compete with the SAML (Security Assertion Markup Language) 2.0 specification, which so far has strong footing in the race to create secured identity federation across organizations. SAML 2.0 is backed by consortiums such as the Liberty Alliance and the Organization for the Advancement of Structured Information Standards (OASIS).
SAML 2.0 protocols are fine for strictly Web single sign-on, Schmidt said. But the WS-Federation protocols are better equipped to deal with a distributed Web services environment for message reliability, transaction support and security, he said. SAML 2.0 does not have reliable messaging or transaction support, he said.
The problem for businesses is when they want to federate but have chosen a different set of protocols. Vendors are developing translators between the two standards, but Schmidt said those potentially could have a security problem since there a middle point where the data is processed, although he said he believes those systems will improve.
Microsoft will soon start shipping "a whole lot" of servers use WS-Federation protocols, and those client computers will be compatible, Schmidt said.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
