Networking government in New Zealand.

6. Standards organisations

There are a number of groups who have tried to standardise both the format and transport of security assertion messages:

  • The Liberty Alliance – formed by members of the information technology vendor community, organisations with a special interest in digital identity and federation, and members of the financial industry. The Liberty Alliance wants an open, standards-based, vendor-independent solution to identity federation.
  • The Shibboleth project – created by Internet2 to support the sharing of research information and resources between major US universities.
  • OASIS – a not-for-profit international consortium that formed the Security Services Technical Committee (SSTC) to create an authoritative international standard for security assertion messaging.

The Liberty Alliance, Shibboleth and OASIS are not the first organisations to attempt to solve the problem of identity federation, but they are the most significant organisations to have defined standards in this arena. Microsoft has developed the Identity Metasystem, a proprietary technical solution to the identity federation problem that is integrated with its product set. While this supports the use of SAML tokens, primarily over Web Services, it is unclear at the time of writing what extensions or mappings are required to achieve uninhibited interoperability. More detail on these organisations is given in Appendix B.

Initially, the Liberty Alliance defined their Identity Federation Framework (ID-FF) based on SAML V1.x, layering additional functionality on top. Recognising the value of a single standard for federated SSO, Liberty members submitted ID-FF V1.2 to the OASIS Security Services Technical Committee as input to the SAML V2.0 standard.

The latest version of the Shibboleth software has adopted SAML 1.1 as the underlying technology for exchanging security assertions. Support for SAML v2.0 is being added to Shibboleth in future releases.

In summary, the major contributors to Federated Identity standards and technologies are choosing SAML v2.0 as the preferred future direction. It is important to note that all three organisations have had significant input to version 2.0 of the SAML standard and that SAML v2.0 has been adopted by the Liberty Alliance as the successor to ID-FF v1.2.

Figure 2 depicts the relationship between the Liberty Alliance, OASIS SSTC and Shibboleth and the corresponding standards that have been developed.

Figure 2: The relationship between the Liberty Alliance, OASIS SSTC and Shibboleth
