Monday, 31 March 2008

Dynamic SAML Article in IEEE Security & Privacy

The IEEE Security and Privacy magazine just published an article I co-wrote with Nate Klingenstein and Leif Johansson on Dynamic SAML and how it can be used to simplify SAML deployments. Nate and Leif are two extremely knowledgeable federation and security experts who hail from the Shibboleth community. You can read the article online without a subscription here.

It was both interesting and enlightening to work with Nate and Leif on this article as they brought an alternate perspective from the Shibboleth world as to why Dynamic SAML will be beneficial to Shibboleth federation communities. The article became an intersection of our combined ideas on how automating the exchange of SAML configuration information (meta-data) can lead to simpler SAML deployments.

Dynamic SAML is also the foundation of our Auto-Connect capability in PingFederate 5.0. Auto-Connect includes some additional optimizations that we felt would further simplify SAML deployments. One example of this is the requirement to use the simpler front-channel Browser POST and Redirect bindings. Nate, Leif and I discussed the merits of including this and other Auto-Connect optimizations in Dynamic SAML, but decided to leave them out and treat them as deployment best practices and conventions. During this exchange, one of my favorite quotes came from Nate who succinctly said - "I think back channel's dead". Sort of sums up my view of the SAML Artifact binding.

Posted by pharding at 8:16 PM in IdM | Responses (0) | Permalink

Monday, 3 March 2008

Adoption and State of the Federation Market

I was recently asked to participate in a Burton Group podcast with Sun and Covisint on the 'Adoption and State of the Federation Market'. Gerry Gebel did a great job moderating the discussion. The synopsis is below. I think you will find its a worthwhile 20 minute listen.

"In January 2008, Burton Group published a report evaluating products in the Federation technology market. Federation is an important tool for deploying cross-domain sign-on and access solutions. With more than a dozen products on the market today, information technology (IT) architects have no shortage of options. Because large organizations require a tiered model for federation, few will be able to settle on a single federation server or hosted provider for all their federation needs. Most organizations will deploy a mix of general-purpose, application-specific, and open source technologies to round out federated identity.
In this Burton Group Tech Watch podcast, Gerry Gebel moderates a discussion on the adoption and state of the federation market with providers: Ping Identity, Covisint and Sun."