Tuesday Oct 28, 2008

Welcome, Microsoft, to the World of SAML 2.0

This is a blog entry I've been wanting to write for a LONG time... At the Professional Developers Conference today, Microsoft announced that 'Geneva', their forthcoming identity platform (part of which is the successor to Active Directory Federation Services), will not only support SAML 2.0 as a token format, but also as a single sign-on protocol. The Federation Wars are over!!!

Lots more to read on the subject:

Me, I'm looking forward to testing OpenSSO with Geneva. We live in interesting times indeed.

Thursday Mar 06, 2008

Credentica U-Prove Acquired by Microsoft - Zero Knowledge Proofs For All?

Across the wires this morning comes news from Kim and Stefan that Microsoft has acquired Credentica's U-Prove technology and the services of Stefan and his Credentica colleagues. I'm curious as to why the news isn't simply 'Microsoft acquires Credentica', but business is sometimes like that, I guess.

Anyway, congratulations to Stefan and co! I've been following their technology for a few years now (I even worked my way through Stefan's book - well, most of it - some of the formal proofs were a little beyond my mathematical abilities) and have met Stefan and Greg a couple of times - super guys, cool technology - it will be great to see it get wider exposure.

Monday Dec 04, 2006

Sun and Microsoft Interoperate for Web Authentication, Part 1

In between all the talk of federation, PHP and web services, we sometimes lose sight of the fact that bread-and-butter single sign-on and access control still has huge value in improving both security and the user experience. Over at the Sun Developer Network, Marina Sum and I just published an article - Sun and Microsoft Interoperate for Web Authentication, Part 1 - focusing on how Sun Java System Access Manager and its policy agents integrate with Microsoft IIS to provide both single sign-on and access control - right down to Windows ACLs on files on disk.

As the article mentions, some functionality (specifically, the basic authentication plugin - from the 'Configuration of the Policy Agent for HTTP Basic Authentication' heading to the end - sorry, there is no handy name anchor in there to link to) will be released in AM Policy Agent for IIS 2.2-Hotpatch6 sometime in the next few weeks. I'll post here as soon as this is available; at that point you will be able to work through the entire article. In the meantime, much of it works with the current policy agent, so you can get started straight away.

Saturday May 14, 2005

Sun/Microsoft Press Conference

Well - it's done. I've been involved in the web single sign-on interoperability work with Microsoft since the beginning of the year - four and a half months of painstaking specification work, designing a demo, going on vacation while the real engineers built the demo (BIG kudos to Emily for the protocol work and Lauren for the web pages on our side, Ryan on the MS side - the demo worked flawlessly and looked great!) then a final flurry of work on the demo script and rehearsals for the big day.

Watch the webcast - I'm presenting the demo with Don Schmidt of Microsoft. There's a press release (if that's your sort of thing) and a factsheet. The actual specs are online at Sun and Microsoft. I'm not going to repeat any of that here. I will say that it is somewhat nerve-wracking giving a live presentation just 6 feet from Steve Ballmer and Scott McNealy! AND - there is no truth in the rumour that I am Steve Ballmer's 'good twin'...

I've read blogs and comments that represent this as Sun moving from open to proprietary standards. This is emphatically not the case. The big news, as I see it, is that customers now have a way to implement SSO with the upcoming Active Directory Federation Services that would otherwise not exist. These specifications are published and will be submitted to a standards process, so other identity management vendors can implement them or not as they see fit.


