A year ago, my former colleague Søren Peter Nielsen wrote, on behalf of the Danish government, a letter to Microsoft. Seems he got a response, and I’m sure it’ll interest XMLGrrl and many others, that an announcement was made yesterday: Agreement between the National IT and Telecom Agency and Microsoft: Agreement concerning partial support of the SAML 2.0 standard.
“The ongoing dialog between the National IT and Telecom Agency and Microsoft has resulted in an agreement on partial support of the SAML 2.0 standard in Microsoft’s forthcoming version of their federation product named Active Directory Federation Services 2”, the agency writes.
The text agreed upon is as follows:
“The Danish public sector has chosen SAML 2.0 as their federation standard. Microsoft products use WS-Federation and WS-Trust as the foundation of their federated identity architecture. The Danish government has agreed that the SAML 2.0 token format is sufficient to provide basic interoperability between WS-Federation and SAML 2.0 environments as a common assertion format, without loss of authentication integrity.
To support interoperability between WS-Federation and SAML 2.0 based products Microsoft has agreed to support the SAML 2.0 token format in the future release of Active Directory Federation Services code-named Active Directory Federation Services “2”. Microsoft will provide the Danish public sector Centre of Service Oriented Infrastructure with pre-release code to help analysis and planning of solutions for integrating WS-Federation-based clients in the Danish federation, and to collect feedback on the feature implementation.
In addition, the co-authors of WS-Federation (including Microsoft) have submitted the specification to OASIS for standardization. This step further enables interoperability between federated environments that deploy SAML 2.0-based products and those that deploy WS-Federation-based products.”
In commenting on the agreement, the agency writes: “With this agreement a possibility for inclusion of Microsoft based clients in a common public SAML 2.0 based federation has opened”, and notes:
The integration will require the standard based login solutions to be expanded with a special integration code. The solution is therefore a pragmatic tactical integration solution, but with the above-mentioned partial SAML 2.0 support from Microsoft it is expected that the integration can be done without influencing the individual “Microsoft Active Directory Federation Service” user organizations.
The agency notes that more information on the concrete possibilities will be published as the National IT and Telecom Agency’s Centre for Service Oriented Infrastructure receives pre-release code from Microsoft that can be integration tested.
The agency elaborates a bit more on the deal:
It is still desired that Microsoft support all of the SAML 2.0 standard in their products, but the above-mentioned agreement is a good first step towards more convergence among standards for transverse user management.
The National IT and Telecom Agency also sees the filing of the WS-Federation (WS-FED) specification for standardization in OASIS as a step that can promote convergence among federation standards.
It should be stressed that it does not mean that the WS-Federation specification is recommended equally to SAML 2.0 for common public solutions.
When the results of the standardization with WS-Federation become available (expectedly in the end of 2008) it might be relevant to do a new assessment, but for now SAML 2.0 is still the only standard which is recommended as a federation standard for Danish common public solutions.
So, there we have it.
I want to congratulate Søren Peter on a job well done. Stand firm on SAML 2.0, the open ecosystem needs it. And thanks to Microsoft for listening to customers (but why only partial support?).