Update on WS-Federation, SAML 2.0

I posted my previous blog entry as feedback to Patrick Harding’s SAML 2.0 article in Network World. Patrick was kind enough to reply this morning, saying that Network World TechUpdate articles focus on a single technology which, in this case, was SAML 2.0 rather than the wider topic of Federated Web SSO. Never mind that writing about the convergence of federation technology into SAML 2.0 without mentioning WS-Fed is like not mentioning the elephant in the room.
Anyway, Patrick gave me his permission to post his excised paragraph:

What about WS-Federation? Anyone using Microsoft’s upcoming Active Directory Federation Service will be using WS-Federation, as it is the protocol supported by ADFS. WS-Federation will likely become the second important federation protocol going forward, even though the primary focus of the WS-* initiative is web services. While one could argue the industry would be better off with a single standard, having two is a whole lot better than having seven.

I can’t agree more - taking the pragmatic view, we now have a converged standard for federated web single sign-on supported by the entire industry save a single vendor. Perhaps Microsoft could one day join us at OASIS in bringing the benefits of WS-Federation to SAML 2.next?




A customer’s perspective is slightly different than what you suggest in your posting. MS is doing the right things with WS-Federation. After all, if you consider that 99.9% of all Fortune enterprises and their B2B partners have AD installed, they would eliminate not only the need for SAML but for enterprises to buy yet another piece of software that really should be bundled with the OS in order to solve for problems across enterprises. Federated identity conversation is somewhat consumer focused. Would be great if participants could put on an enterprise lens when considering solutions….
