The next best thing to the next best thing
From the perspective of a person keen to see identity federation the norm, a single federation protocol is the best thing. That allows a focus on the real challenges of federation- the business and process challenges. It relegates arcane discussions about SAML and WS-Federation to the few people who really want to talk about the nuts and bolts.
In reality, that’s probably unachievable. If nothing else, that was the biggest lesson from the ODF vs. OOXML saga.
The next best thing is true interoperability between protocols with standard products supporting multiple protocols out of the box. This doesn’t take away all the costs, complexity, and risks but is still an acceptable outcome.
The next best thing to the next best thing is a major vendor promising to move towards the next best thing. To that end, Microsoft’s announcement that the beta version of Geneva will not only support SAML 2.0 as a token format but also as a single sign-on protocol is very welcome. Geneva is Microsoft’s future identity platform, replacing ADFS (Active Directory Federation Services).
Specifically, Geneva will support the SAML 2.0 Lite/Web SSO profile. Happily enough, it will also support the US Government’s GSA profile which seems to be an attractive offering for US Government agencies.
So, come 2010 or whatever the usual announcement-to-real world deployment cycle takes, deployers of federation can increasingly focus on benefiting from identity portability rather than the underlying technical challenges.