System News
Interoperability Explained Between Sun OpenSSO and Microsoft "Geneva" Server
Common SAML Standard Makes It All Possible
June 15, 2009
Volume 136, Issue 3

Interoperability at work: Microsoft "Geneva" and Sun OpenSSO Enterprise

A new white paper, jointly published by Microsoft and Sun, addresses the issue of interoperability. The paper, "Microsoft 'Geneva' Server and Sun OpenSSO," discusses the common support of both companies for the Security Assertion Markup Language (SAML) federation standard as a basis for interoperability and ease of collaboration.

The authors present an overview of each solution and its capabilities, both as individual and as interoperable solutions, describing the business benefits of interoperability between the two solutions. The paper also presents details on use cases demonstrating the solutions’ proven interoperability in real-world federation scenarios.

The central issue, as the white paper puts it, is the challenge of giving users secure access to many types of applications in heterogeneous IT environments without requiring them to sign on to each application separately. This need to securely share resources, particularly heterogeneous resources, beyond traditional boundaries is what drives identity federation.

The paper explains that identity federation responds to the need to share resources across heterogeneous environments by making identities portable, so that they can be shared with and leveraged by trusted partners. Identity federation does this by streamlining and simplifying the process of sharing the identity data associated with users. By making it possible to extend those users’ credentials and authorizations across traditional organizational boundaries, federation eliminates the major logistical obstacles to collaboration.

A federated solution makes identity information portable across security domains and enables SSO access across applications in multiple domains, the authors add. This can only be accomplished when both sides share a federation standard, as Sun and Microsoft do in OpenSSO Enterprise and "Geneva" Server, both of which support the Security Assertion Markup Language (SAML) standard for exchanging authentication and authorization data between domains.

The paper describes Sun OpenSSO Enterprise as a next-generation federated access management solution that provides secure and centralized access control and SSO for internal and external applications and Web services security—all in a single, self-contained Java application.

Specifically, the solution:

  • Enables centralization and enforcement of SSO and security policy for internal and extranet authentication

  • Offers a truly lightweight means of federating: the Fedlet, a .NET and Java-compatible package that enables service providers to easily federate with online business partners

  • Supports interoperability through the SAML federation standard (as well as WS-Federation and other standards)

OpenSSO Enterprise is a commercial offering based on OpenSSO, Sun's open-source identity management project, providing highly scalable SSO, access management, federation, and secure Web services.

Microsoft “Geneva” Server, in turn, provides a security token service (STS) that enables organizations to collaborate securely across domains using identity federation. The solution specifically:

  • Can be used by any identity provider whether inside an organization, exposed on the Internet, or both

  • Allows identity federation for both passive clients (i.e., Web browsers) and active clients

  • Supports interoperability through the SAML federation standard (as well as WS-Federation and other standards)

With SAML-based interoperability between Sun and Microsoft federated identity solutions, the white paper asserts, organizations can easily achieve SSO for heterogeneous applications across domains. Examples include:

  • .NET Integration to OpenSSO Enterprise

  • SharePoint Access from OpenSSO Enterprise

As mentioned above, with both OpenSSO Enterprise and "Geneva" Server using the SAML federation standard, users can access services offered outside their identity provider's site without having to sign on again at the other site. In federated relationships, SSO can be initiated by either the identity provider or the service provider. The service provider can also use the OpenSSO Fedlet to have users authenticated remotely by the identity provider.
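The paragraph above describes the two directions a SAML SSO exchange can take (identity-provider-initiated or service-provider-initiated). Whichever side starts it, the service provider ends up holding a SAML assertion from the identity provider and must decide whether to trust it. The following Python script is an added example, not code from the white paper, OpenSSO or "Geneva" Server; it shows the checks a service provider applies to a bearer assertion before granting access: trusted issuer, validity window, audience restriction, recipient URL, and the InResponseTo binding that distinguishes an SP-initiated response from an unsolicited (IdP-initiated) one. The assertion, entity IDs and URLs are constructed sample values, and XML signature verification is assumed to have been done by a signing library before this code runs.

```python
"""Service-provider side validation of a SAML 2.0 bearer assertion.

Added example with constructed data (no values from the white paper).
Assumes the XML signature on the assertion has already been verified
upstream; this code only checks the assertion's own conditions.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample assertion, as an IdP would return it to an SP.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_a1" Version="2.0"
    IssueInstant="2009-06-15T12:00:00Z">
  <saml:Issuer>https://idp.example.com/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="{BEARER}">
      <saml:SubjectConfirmationData InResponseTo="_req42"
          Recipient="https://sp.example.net/acs"
          NotOnOrAfter="2009-06-15T12:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2009-06-15T11:59:00Z" NotOnOrAfter="2009-06-15T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.net/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2009-06-15T12:00:00Z"/>
</saml:Assertion>"""


def parse_saml_time(value):
    """Parse SAML's UTC xs:dateTime form (trailing 'Z', optional fraction)."""
    v = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in v else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(v, fmt).replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, *, trusted_issuer, sp_entity_id, acs_url, now,
                       request_id=None):
    """Return (name_id, errors); an empty error list means the SP may accept it.

    request_id is the ID of the AuthnRequest this SP sent (SP-initiated SSO).
    None means the SP expects an unsolicited, IdP-initiated response.
    """
    errors = []
    root = ET.fromstring(xml_text)  # in production use a hardened XML parser
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return None, ["root element is not a SAML 2.0 Assertion"]

    # Only assertions from the federation partner we configured are trusted.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != trusted_issuer:
        errors.append(f"untrusted issuer {issuer!r}")

    # Validity window and audience restriction limit replay and cross-SP reuse.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        errors.append("missing Conditions")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < parse_saml_time(nb):
            errors.append("assertion not yet valid")
        if noa is None or now >= parse_saml_time(noa):
            errors.append("assertion expired or unbounded")
        audiences = [a.text.strip() for a in
                     cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
        if sp_entity_id not in audiences:
            errors.append("audience restriction does not name this SP")

    name_id = root.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS)

    # Bearer confirmation: the assertion must be addressed to our ACS endpoint
    # and, for SP-initiated SSO, tied to the request we actually issued.
    scd = None
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") == BEARER:
            scd = sc.find("saml:SubjectConfirmationData", NS)
            break
    if scd is None:
        errors.append("no bearer SubjectConfirmationData")
    else:
        if scd.get("Recipient") != acs_url:
            errors.append("Recipient is not this SP's ACS URL")
        noa = scd.get("NotOnOrAfter")
        if noa is None or now >= parse_saml_time(noa):
            errors.append("bearer confirmation expired or unbounded")
        irt = scd.get("InResponseTo")
        if request_id is not None and irt != request_id:
            errors.append("InResponseTo does not match the outstanding AuthnRequest")
        if request_id is None and irt is not None:
            errors.append("unsolicited response carries InResponseTo")

    if root.find("saml:AuthnStatement", NS) is None:
        errors.append("no AuthnStatement")
    return name_id, errors


if __name__ == "__main__":
    now = datetime(2009, 6, 15, 12, 1, tzinfo=timezone.utc)
    print(validate_assertion(SAMPLE_ASSERTION, trusted_issuer="https://idp.example.com/idp",
                             sp_entity_id="https://sp.example.net/sp",
                             acs_url="https://sp.example.net/acs", now=now,
                             request_id="_req42"))
```

In an SP-initiated flow the SP records the ID of the AuthnRequest it sent and passes it as `request_id`, so an assertion minted for a different request (or replayed later) is rejected; for an IdP-initiated flow the SP passes `None` and instead rejects an assertion that claims to answer a request it never made. The audience and recipient checks are what stop an assertion issued for one partner from being presented to another.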

The white paper concludes with the observation that interoperability between heterogeneous technologies is becoming increasingly important as organizations that run different kinds of applications seek to collaborate with each other.

The presence of a common industry standard, SAML, in the Sun OpenSSO Enterprise and Microsoft “Geneva” Server solutions allows organizations to easily, freely, and securely share resources across heterogeneous applications. The interoperability enabled through these two solutions has been amply demonstrated in a variety of real-world deployments.

More Information

Sun OpenSSO Enterprise

Microsoft Code Name 'Geneva'

OpenSSO





News and Solutions for Users of Solaris, Java and Oracle's Sun hardware products
Just the news you need, none of what you don't – 42,000+ Members – 24,000+ Articles Published since 1998