The OASIS Cover Pages: The Online Resource for Markup Language Technologies
Created: May 16, 2005.

Microsoft and Sun Publish Web Single Sign-On (SSO) Identity Specifications.


Sun Microsystems and Microsoft Corp held a joint press conference on May 13, 2005 to announce the publication of two new identity management specifications and plans for additional collaborative effort to support product interoperability.

A new Web Single Sign-On Metadata Exchange Protocol specification "defines how a service can query an identity provider for metadata that describes the identity-processing protocol suites supported by that provider, to increase the service's ability to communicate successfully and efficiently with the provider." The companion Web Single Sign-On Interoperability Profile "defines an interoperability profile of the web single sign-on metadata exchange protocol that allows using either Liberty Identity Federation or WS-Federation based Identity Providers to interact with a service. It defines how the service determines the protocols supported by the client's identity provider thereby allowing identity processing to occur."

Release of the identity specifications is said to represent first steps by the two companies "towards improving interoperability for customers using Liberty and WS-* web service architectures with the joint development of two draft specifications for web single sign-on interoperability. These new specifications will ultimately enable browser-based web single sign-on between security domains that use Liberty ID-FF and WS-Federation."

The two companies welcome developer participation in the further development of the Web SSO specifications; this design work will be managed through the Web services protocol workshop process. Subsequently, the two specifications will be submitted to a standards organization for finalization and ratification as industry standards.

Initially, the Microsoft Windows Server and the Sun Java Enterprise System will support the Web SSO specifications: "Products that support the Web SSO MEX Protocol and the Web SSO Interop Profile will enable companies to provide users with an improved SSO experience from their Web browsers. For example, if a company implements an employee portal using Sun Java Enterprise System, and the company's benefits provider deploys a Web-based application using Microsoft Windows Server, then an employee will be able to access the benefits application from the portal without having to log in separately."

The press conference marked the one-year anniversary of a 10-year technical collaboration agreement, first announced in April 2004, which outlined a framework for increased cooperation between Sun Microsystems and Microsoft Corp to enable their products to work better together. This press event updates information provided in the December 2004 progress report.

Bibliographic Information

  • Web Single Sign-On Metadata Exchange Protocol. By Rajeev Angal (Sun Microsystems), Chris Kaler (Microsoft), Hubert Le Van Gong (Sun Microsystems), Eve Maler (Sun Microsystems), Ari Medvinsky (Microsoft), and John Shewchuk (Microsoft). April 2005. 14 pages. Copyright (c) 2005 Microsoft Corporation, Inc. and Sun Microsystems, Inc. With XML Schema.

    Contributors: "This specification has been developed as a result of joint work with many individuals and teams, including: Qingwen Cheng (Sun), Gary Ellison (Former co-author), Jeff Hodges (Former co-author), Chuck Mortimore, Jeffrey Schlimmer (Microsoft), Don Schmidt (Microsoft), Wei Sun (Sun), Emily Xu (Sun), and Pat Patterson (Sun)."

  • Web Single Sign-On Interoperability Profile. By Rajeev Angal (Sun Microsystems), Chris Kaler (Microsoft), Hubert Le Van Gong (Sun Microsystems), Eve Maler (Sun Microsystems), Ari Medvinsky (Microsoft), and John Shewchuk (Microsoft). April 2005. 9 pages. Copyright (c) 2005 Microsoft Corporation, Inc. and Sun Microsystems, Inc.

Web SSO Metadata Exchange Protocol Overview

"When a client desires identity-based communication with a service, there is a need to establish a common protocol that is supported by both parties. There are several different models which can be employed — specifically the identity provider can support multiple protocols or the target service can support multiple protocols.

When an identity provider supports multiple protocols the target service simply uses its preferred protocol suite to communicate with the identity provider and the identity provider responds correctly.

However, to maximize the set of clients that are supported, a target service may also elect to provide support for multiple protocol suites. This enables the target service to work with identity providers with limited protocol suite support. Moreover, in some cases, the target may need to dynamically determine the protocol suites the identity provider supports.

To address these situations, this document defines a mechanism whereby target services can determine the protocol suites supported by the client's (requestor's) identity provider and use a supported protocol suite for subsequent communication with the identity provider.

That is, to initiate identity-based communication, the target service requires communication with the client's identity provider. However, the identity provider may support different protocol suites, or even different versions of a common protocol suite. This protocol defines a neutral mechanism to determine the supported protocol suites (and versions) thereby enabling the service to determine the right protocol to use to initiate identity processing.

This protocol also defines a standard process for determining the identity provider for a given client (requestor)..." [from the Web Single Sign-On Metadata Exchange Protocol Introduction]

From the Microsoft/Sun Announcement

In outlining progress between their two companies one year after their landmark agreement, Sun Microsystems Inc. Chairman and CEO Scott McNealy and Microsoft Corp. CEO Steve Ballmer today announced a series of measures to enhance product interoperability, including the development of new specifications that enable Web single sign-on (SSO) between systems that use Liberty and WS-* Web service architectures.

The measures result from the broad 10-year technical collaboration agreement, announced in April 2004, that set the framework for increased cooperation between the companies to enable their products to work better together. The chief executive officers noted that over the past year the companies have made considerable progress building a productive work relationship at various levels and setting the foundation for a number of initiatives to address customer interoperability needs.

"Over the past year we have worked to establish great communication at all levels between our companies, from regular executive meetings to in-depth working sessions with our engineers," said Ballmer. "In the first year, we've moved from the courtroom to the computer lab. Now we're moving from the lab to the market."

"Sun and Microsoft are working together ... and quite well at that," said McNealy. "A year ago, the skeptics doubted that we could agree on the shape of the table, much less collaborate on solving some of the industry's toughest problems. Surprise — we did just that and today we've taken a huge step forward. Single sign-on experience between the Solaris-based Operating System, Sun Java Enterprise System and Microsoft Windows Server has been customers' top request. This is just the beginning of a long list of projects we're working on."

The companies noted their strong outreach to customers in developing the relationship as well as identifying key areas and projects. Over the past year, top executives from both companies have spoken regularly to customers to get a better understanding of priorities and concerns. A key area for customers was product interoperability; in addition to the Web specifications, the companies also announced licensing agreements and product cooperation that address customer interoperability needs.

Web Single Sign-On (SSO)

The companies have jointly developed and published two draft specifications: Web Single Sign-On Metadata Exchange (Web SSO MEX) Protocol and Web Single Sign-On Interoperability Profile (Web SSO Interop Profile). These new specifications enable browser-based Web SSO between security domains that use Liberty ID-FF and WS-Federation. Products that support the Web SSO MEX Protocol and the Web SSO Interop Profile will enable companies to provide users with an improved Web SSO experience from their Web browsers.

As part of the companies' ongoing commitment to improving interoperability across their respective product lines, Microsoft and Sun also announced plans to support the new specifications within their product portfolios, including Microsoft Windows Server and Sun Java Enterprise System.

Microsoft and Sun welcome participation in the further development of these draft specifications through the Web services protocol workshop process, and ultimately will submit them to a standards organization for finalization and ratification as industry standards. Drafts of the new specifications are available on Microsoft's Web site and Sun's Web site for anyone to review and comment on.

"The integration of the products of these two companies is critical to General Motors," said Fred Killeen, director of Systems Development and chief technology officer for General Motors Information Systems & Services. "The reduction in integration cost and operational complexity will be a key enabler in implementing identity management initiatives for GM and for the industry as a whole."

"Finding ways to improve interoperability and reduce overlap between the Liberty Alliance specifications and the WS-* Web services architecture is a primary goal of the Liberty Alliance," said Michael Barrett, vice president, Security Strategy for American Express Co., and president of the Liberty Alliance from 2002 to 2004. "The Microsoft and Sun agreement showed a great deal of promise as a practical way to achieve that interoperability, and today's announcements go a long way toward enabling the interoperability that enterprises and vendors both need."

WS-Management Specification

Microsoft and Sun are collaborating on systems management to enable deep interoperability between their operating systems and management products. As part of this effort, the companies are collaborating on the development of WS-Management, a Web services specification, co-authored by Microsoft, Intel, Sun and other vendors, that defines a single protocol to meet management requirements spanning hardware devices, operating systems and applications. Sun will implement WS-Management in the Solaris 10 Operating System, management service processors in its x64-based Sun Fire servers and the Sun N1 management software tools, to provide full systems management interoperability across Solaris and Windows environments. In addition, Sun has created an implementation of WS-Management in Java programming language that it plans to release to the open source community. WS-Management also is a key component of the Microsoft Dynamic Systems Initiative and will ship as a standard part of Windows Server 2003 starting with R2.

Windows on Sun

Microsoft and Sun are committed to addressing customer needs in the field of 64-bit computing. The Sun Fire x64 server for x64 systems and Sun Java Workstation product lines carry the Designed for Windows logo, have passed Microsoft's stringent compatibility testing suite and are listed in the Windows Catalogs. Sun and Microsoft also have signed an agreement providing Sun back-line support for Windows on Sun systems.

Systems Integrators

Leading system integration companies including Accenture, EDS and NEC Corp. also support the Sun and Microsoft relationship and are providing interoperability between Sun and Microsoft products for their customers.

"Accenture is deploying for clients numerous solutions that combine the Sun and Microsoft environments, which require that the J2EE and Microsoft .NET platforms interoperate," said Don Rippert, chief technology officer at Accenture. "Microsoft and Sun are building easy interoperation into their product sets. This allows the Windows platform and the Java Enterprise System to communicate to ensure heterogeneous management, transaction integration and common authentication. Sun and Microsoft are providing what our clients are increasingly demanding: best-of-breed options based on proven interoperability from their technology providers."

"EDS is excited to enhance its relationship with both Sun Microsystems and Microsoft, which is already strong under the EDS Agility Alliance," said Charlie Feld, executive vice president, Portfolio Management, EDS. "EDS brings considerable expertise in delivering solutions combining Sun and Microsoft products and is a key partner in qualifying, delivering and supporting Solaris 10 on SPARC and AMD Opteron platforms from Sun. EDS also delivers Windows-based solutions on the AMD Opteron-based Sun Fire hardware platform."

"NEC is a strong partner to both Sun and Microsoft, and has considerable expertise delivering best-of-breed middleware solutions and services that help customers deploy and manage Sun and Microsoft technologies and products in their heterogeneous environments," said Toshiro Kawamura, senior executive vice president and member of the board at NEC. "NEC strongly supports interoperability between Solaris/Java Enterprise System and Windows/.NET and is committed to expand our expertise to assist customers deploying advanced identity solutions."

Protocol License for Sun Ray Thin Client Solutions

The companies announced that Sun has licensed Microsoft's Remote Desktop Protocol and will implement it in its Sun Ray ultra-thin client product line in the near future. This means that users of Sun Ray thin clients now can access Windows Terminal Services running on Windows Server 2003.

Windows Terminal Services enables users to remotely access and display Microsoft Windows running on Windows Server 2003 from a wide range of client devices, including those that do not run on Windows.

Robin Cover, Editor