Identifying Identity and Access Management Standards

Ralph DeFrangesco

In recent posts, I mentioned the SAML and WS-Federation standards. Since these are the prevailing industry standards, I think that it's important that we discuss them to gain a firm understanding of what they are, who developed them, and why they are important.


SAML is the Security Assertion Markup Language. It addresses the problem of exchanging authentication and authorization of data between an identity and service provider. Specifically, SAML allows businesses to make assertions about the identity of users to other companies or applications. SAML is a product of the Organization for the Advancement of Structured Information Standards (OASIS). The original SAML version 1.0 was released in November 2002. The latest version is version 2.0, which was released in March 2005.


WS-Federation is an Identity Federation specification developed by a consortium of vendors including BEA, BMC, CA, IBM, Layer 7, Microsoft, Novell and VeriSign. This standard allows the brokering of trusts, identities, attributes and authentication between participating Web services. The original standard was published in 2003. The current standard, version 1.1 was released in 2006.


Although I did not mention this standard in my original post, the Liberty Identity Federation Framework (ID-FF) is an important standard. ID-FF is part of the Liberty Alliance Project. The standard is based on trusts and relationships between businesses and federated user accounts. The latest standard, version 1.2, was released in 2005.


I have presented a lot of information for you to sort through here. Keep in mind when looking at identity and access management products that it's not the standard that's important. What is important is that the product is based on a standard.

Add Comment      Leave a comment on this blog post
Jun 12, 2009 3:35 AM Ralph DeFrangesco Ralph DeFrangesco  says: in response to Felix Gaehtgens


Thank you for taking the time to reply. I do agree with you, however I included it because it is legacy and my applications have used the standard. I felt that if I left it out, someone would have said something.


Jun 12, 2009 6:28 AM Felix Gaehtgens Felix Gaehtgens  says:

ID-FF is not an important standard. It has historical value, ever since its was merged into the SAML 2.0 standard. Today, there are very few people using ID-FF, and if so, then only for compatibility.

The "important" set of standards from the Liberty alliance is ID-WSF, although adoption hasn't been as fast as expected.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.