Identity and Access Management (IAM)

Excuse me while I blow our own horn a bit via the title of this blog. I recognize that excessive horn-blowing is not blogger couth. I do have a more general point to make in this blog – that the technology particulars of federation systems still do matter. But, first the facts. Recently CA and five other IAM vendors received certification from the GSA’s E-Authentication Solution for the GSA’s federation implementation that is based on SAML 2.0. To find out more about the GSA’s E-Authentication initiative please check out their very informative web site here:

http://cio.gov/eauthentication/

To get a listing of the currently approved vendors go this page:

http://www.cio.gov/eauthentication/documents/EAopensIOlab.pdf

The E-Authentication Solution (nee Initiative) has been around since 2002 (almost as long as standards-based federation itself) and has been very innovatively applying the concepts and standards around identity federation to particular needs of the US government. However, anyone interested in identity federation, whether inside or outside of government, can benefit from the approach that the E-Authentication Solution has taken. They very nicely have posted the main documents that make up their “circle of trust” or “federation ecosystem agreements”, so maybe you could borrow some ideas from their foundational documents. They are on the above web site for free downloading.

Getting back to the SAML 2.0 certification process just completed...many people with an opinion about federation, myself included, say that accomplishing federated SSO across organizations is now 80% about trust and how to accomplish and enforce it, and only 20% about technology. This certification is certainly all about the 20%. However, these types of interoperability activities still remain critically important to federation overall. Because of the nature of complex standards and specifications, reasonable technical people disagree about implementation details. And, of course, nearly every federation partner ecosystem has some unique implementation details and requirements. So, continuing to be diligent about interoperability and conformance testing remains critically important for federation adoptability.

The Liberty Alliance has also been doing important work in this area.  Check www.projectliberty.org for more detail

Getting some further third-party validation around this certainly puts a little bounce in our collective steps here in the CA IAM group and should give you every indication we will continue to stay on the forefront of the SAML federation technology we helped create.