Those already familiar with XML security standards, especially those that relate to identity presentation and management, also know that this is a fragmented landscape, populated with multiple, formerly unrelated and not always compatible, schemes. Simply put, the Concordia Project seeks to make some order from this chaos, and to define mechanisms whereby various competing or incompatible identity schemes can seek what the group's goals describe as "harmonization and interoperability of identity specifications and protocols."
This already sounds pretty good, but when you look at the group's purpose, principles, and charter, you find specific mention of the following existing or emerging standards:
- CardSpace, Microsoft's .NET initiative for identity presentation and management.
- Liberty Alliance Project, an open initiative that aims to establish a similarly open standard for federated network identity.
- OpenID, an open and decentralized identity system designed "not to crumble if one company turns evil or goes out of business."
- openLiberty.org, an organization "established to provide easy access to tools and information to jumpstart the development of more secure and privacy-respecting identity-based applications based on Liberty Federation and Liberty Web Services standards."
- Open Source, a general movement for creating open, royalty-free, publicly accessible information processing standards and software (SourceForge currently plays host to over 1100 digital identity related projects, of which Open Single Sign-On or Open SSO is a leading example).
- SAML, the Security Assertion Markup Language, an initiative underway at OASIS that seeks to define and maintain a standard, XML-based framework for creating and exchanging security information, including identity, between online partners.
- WS-Federation (Web Services Federation Language), a member of the Web Services family of XML specifications, is spearheaded by IBM and seeks to define "mechanisms to allow different security realms to federate by allowing and brokering trust of identities, attributes [and] authentication between participating Web services."
This working group, organized on April 24, 2007, wants to unite these and other standards and to help foster development of one ubiquitous, interoperable, privacy-respecting layer that all developers and Web site operators can share. Their thinking is to drive the cost of development down, lower the barriers for secure identity establishment and management to help assure successful development, promote more (and more usable) commercial and service offerings, and in general cut the ever-so-tangled knot of possible solutions that surround simplified identity management nowadays.
What can we expect from these guys? It's still too early to tell, but with XML heavyweight Eve Maler at the helm of the organization and a wealth of already published use cases, there could actually be some relief in sight for those grappling with (or holding off from committing to) identity establishment and management problems and issues. Count on us to keep an eye on this effort and to report further as more tangible developments and tools emerge.
About the author
Ed Tittel is a full-time writer and trainer whose interests include XML and development topics, along with IT Certification and information security topics. Among his many XML projects are XML For Dummies, 4th edition (Wiley, 2005) and Schaum's Easy Outline of XML (McGraw-Hill, 2004). E-mail Ed at firstname.lastname@example.org with comments, questions or suggested topics or tools for review.