{"id":1069,"date":"2009-09-30T17:10:01","date_gmt":"2009-10-01T01:10:01","guid":{"rendered":"\/?p=1069"},"modified":"2009-09-30T17:18:15","modified_gmt":"2009-10-01T01:18:15","slug":"john-fontana-on-saml-interoperability","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1069","title":{"rendered":"John Fontana on SAML Interoperability"},"content":{"rendered":"

John Fontana writes <\/a>about the SAML interoperability test in ComputerWorld<\/a>, turning\u00a0quite a bit\u00a0of his attention to Microsoft:<\/p>\n

“Microsoft completed its first SAML interoperability test and the results are in: Active Directory Federation Services 2.0 software received a passing grade.<\/p>\n

“Microsoft's federated identity platform passed its first SAML 2.0 interoperability test with favorable marks, signaling the end to the vendor's standoff against the protocol.<\/p>\n

“The eight-week, multivendor interoperability workout conducted by the Liberty Alliance and the Kantara Initiative also resulted in passing marks for two other first-time entrants \u2013 SAP and Siemens. Return testers Entrust, IBM, Novell and Ping Identity also passed. Results were announced Wednesday.<\/p>\n

“The Liberty Interoperable testing was a great opportunity to verify that Active Directory Federation Services (AD FS) 2.0 is interoperable with others’ SAML 2.0 implementations. This should give our customers confidence that their federation deployments using ADFS will ‘just work,'” says Conrad Bayer, product unit manager for federated identity at Microsoft.<\/p>\n

“In the past, Microsoft has been dismissive of the Security Assertion Markup Language (SAML), a standard protocol for exchanging authentication and authorization data between and among security checkpoints, preferring the WS-Federation and other protocols it helped develop. The company previously supported the SAML token, but never the transport profiles of the protocol…<\/p>\n

As much as I love John, I don't think\u00a0“dismissive” really describes our attitude – at least I hope it doesn't.\u00a0 It is true that our initial thinking was that the world would be a\u00a0“tidier place” if people\u00a0used one single\u00a0protocol that worked both for “Active Clients” (e.g. applications that run on your PC or phone) and “Passive Clients” (web pages served up in a browser).\u00a0 We saw WS-Federation as a\u00a0way to achieve that technical symmetry.\u00a0\u00a0But I and others have also\u00a0said\u00a0for\u00a0several years\u00a0that\u00a0we\u00a0saw much of what people were doing\u00a0with SAML as being innovative and positive.\u00a0\u00a0And we have made it very clear that an\u00a0Identity Metasystem means “no silos”.\u00a0\u00a0<\/p>\n

Today you can see the results of this thinking in our new product.\u00a0 ADFS V2\u00a0does everything it can to\u00a0conform with the Identity Metasystem\u00a0idea.\u00a0 That means supporting SAML as well as the other Federation and Claims Transformation protocols (e.g. WS-Trust and WS-Federation).\u00a0I think the synergy will be great for our customers and the industry.<\/p>\n

John goes on to say:\u00a0<\/p>\n

“Full matrix” testing means all participants must test against each other. The test was conducted over the Internet from points around the globe using real-world scenarios between service providers and identity providers as defined by the SAML 2.0 specification.<\/p>\n

Microsoft participated in the testing with Active Directory Federation Services 2.0 (formerly code-named Geneva), which is slated to ship later this year. ADFS 2.0 is part of a larger identity platform that includes Windows Identity Foundation and Windows Cardspace.<\/p>\n

Microsoft said earlier this year it would have SAML 2.0 certification before it released Geneva. The SAML profiles ADFS 2.0 supports cover the core features of federation.<\/p>\n

ADFS 2.0 provides identity information and serves as a Security Token Service (STS), a transformation engine that is key to Microsoft's identity architecture. ADFS lets companies extend Active Directory to create single sign-on between local network resources and cloud services.<\/p>\n

[Read more here<\/a>]<\/p>\n","protected":false},"excerpt":{"rendered":"

ADFS V2 does everything it can to conform with the Identity Metasystem idea.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[37,10,8,75],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1069"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1069"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1069\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}