Hot Topic - Standardization

Even when limited to computer applications, Identity Management is a very complex subject. Basically, it involves managing people as digital identities and providing these identities with access rights. However, there is a direct, logical relationship between Identity Management and certain other topics: directory services as data repositories for Identity Management, procedures for secure user authentication and checks on access rights to services and resources (programs, data), the special requirements of web-based services, process support using workflow procedures, and so on.

Because of this high level of complexity, users are often faced with the problem of system integration: components from various manufacturers, software they've written themselves, customer systems and partner systems have to be integrated into a global solution. This integration process must be cost effective and expandable, but it cannot succeed unless the various modules fit together. This is the driving force behind international standardization efforts. Not even large suppliers can supply solutions for all aspects of Identity Management; specialization is the rule everywhere. Following the attempts made by some large software manufacturers to set standards with their products, today there is a clear trend toward product-neutral collaboration in open organizations.

Overview of the most important standards bodies and their objectives

Standards Body

Role and Responsibilities

The Organization for the Advancement of Structured Information Standards (OASIS) at http://www.oasis-open.org/

OASIS is a private worldwide organization focused primarily on XML-based standards. It is a non-profit organization that has a large membership and has driven a number of popular and essential standards, including Security Assertion Markup Language (SAML), eXtensible Access Control Markup Language (XACML), Directory Services Markup Language (DSML), and Service Provisioning Markup Language (SPML).

Web Services Interoperability (WS-I) at
http://www.ws-i.org/

WS-I states that it is “an open, industry organization chartered to promote Web services interoperability across platforms, operating systems, and programming languages.” The key standard managed by WS-I is the Simple Object Access Protocol (SOAP).

The World Wide Web Consortium (W3C) at http://www.w3.org/

W3C is responsible for the Web Services Description Language (WSDL) specification.

Internet Engineering Task Force (IETF) at http://www.ietf.org/

IETF is a loose affiliation of individuals and organizations aimed at defining, maintaining, and evolving standards to support the Internet. The IETF is not a traditional standards organization, although many of the specifications it produces become standards. Of particular interest to identity management-related activities is the Lightweight Directory Access Protocol (LDAP) standard.

The Open Group at http://www.opengroup.org/

The Open Group sponsors several sub-groups for identity management-related activities. Besides the messaging and mobile management forums, those relevant to identity management are the Directory Interoperability Forum (DIF) and the Security Forum (SF).


The SPML Standard

The Service Provisioning Markup Language (SPML) standard developed by OASIS is of special significance to User Provisioning. As a member of OASIS, Beta Systems is directly concerned with the work on this standard.
The task here is to define the interfaces between the different instances involved in the administration of users' access rights. This standard will enable the user to implement the authorization chain over a number of separate modules, starting with the initiator (often an HR system) and going on to the subsequent provision of access rights.
Version 2 of the standard was approved in April 2006. All elements for practical use are now available.