Sun Microsystems and Microsoft Corp held a joint press conference on May 13, 2005 to announce the publication of two new identity management specifications and plans for additional collaborative effort to support product interoperability.
A new Web Single Sign-On Metadata Exchange Protocol specification "defines how a service can query an identity provider for metadata that describes the identity-processing protocol suites supported by that provider, to increase the service's ability to communicate successfully and efficiently with the provider." The companion Web Single Sign-On Interoperability Profile "defines an interoperability profile of the web single sign-on metadata exchange protocol that allows using either Liberty Identity Federation or WS-Federation based Identity Providers to interact with a service. It defines how the service determines the protocols supported by the client's identity provider thereby allowing identity processing to occur."
Release of the identity specifications is said to represent first steps by the two companies "towards improving interoperability for customers using Liberty and WS-* web service architectures with the joint development of two draft specifications for web single sign-on interoperability. These new specifications will ultimately enable browser-based web single sign-on between security domains that use Liberty ID-FF and WS-Federation."
The two companies welcome developer participation in the further development of the Web SSO specifications; this design work will be managed through the Web services protocol workshop process. Subsequently, the two specifications will be submitted to a standards organization for finalization and ratification as industry standards.
Initially, the Microsoft Windows Server and the Sun Java Enterprise System will support the Web SSO specifications: "Products that support the Web SSO MEX Protocol and the Web SSO Interop Profile will enable companies to provide users with an improved SSO experience from their Web browsers. For example, if a company implements an employee portal using Sun Java Enterprise System, and the company's benefits provider deploys a Web-based application using Microsoft Windows Server, then an employee will be able to access the benefits application from the portal without having to log in separately."
The press conference marked the one-year anniversary of a 10-year technical collaboration agreement, first announced in April 2004, which outlined a framework for increased cooperation between Sun Microsystems and Microsoft Corp to enable their products to work better together. This press event updates information provided in the December 2004 progress report.
"When a client desires identity-based communication with a service, there is a need to establish a common protocol that is supported by both parties. There are several different models which can be employed — specifically the identity provider can support multiple protocols or the target service can support multiple protocols.
When an identity provider supports multiple protocols the target service simply uses its preferred protocol suite to communicate with the identity provider and the identity provider responds correctly.
However, to maximize the set of clients that are supported, a target service may also elect to provide support for multiple protocol suites. This enables the target service to work with identity providers with limited protocol suite support. Moreover, in some cases, the target may need to dynamically determine the protocol suites the identity provider supports.
To address these situations, this document defines a mechanism whereby target services can determine the protocol suites supported by the client's (requestor's) identity provider and use a supported protocol suite for subsequent communication with the identity provider.
That is, to initiate identity-based communication, the target service requires communication with the client's identity provider. However, the identity provider may support different protocol suites, or even different versions of a common protocol suite. This protocol defines a neutral mechanism to determine the supported protocol suites (and versions) thereby enabling the service to determine the right protocol to use to initiate identity processing.
This protocol also defines a standard process for determining the identity provider for a given client (requestor)..." [from the Web Single Sign-On Metadata Exchange Protocol Introduction]
In outlining progress between their two companies one year after their landmark agreement, Sun Microsystems Inc. Chairman and CEO Scott McNealy and Microsoft Corp. CEO Steve Ballmer today announced a series of measures to enhance product interoperability, including the development of new specifications that enable Web single sign-on (SSO) between systems that use Liberty and WS-* Web service architectures.
The measures result from the broad 10-year technical collaboration agreement, announced in April 2004, that set the framework for increased cooperation between the companies to enable their products to work better together. The chief executive officers noted that over the past year the companies have made considerable progress building a productive work relationship at various levels and setting the foundation for a number of initiatives to address customer interoperability needs.
"Over the past year we have worked to establish great communication at all levels between our companies, from regular executive meetings to in-depth working sessions with our engineers," said Ballmer. "In the first year, we've moved from the courtroom to the computer lab. Now we're moving from the lab to the market."
"Sun and Microsoft are working together ... and quite well at that," said McNealy. "A year ago, the skeptics doubted that we could agree on the shape of the table, much less collaborate on solving some of the industry's toughest problems. Surprise — we did just that and today we've taken a huge step forward. Single sign-on experience between the Solaris-based Operating System, Sun Java Enterprise System and Microsoft Windows Server has been customers' top request. This is just the beginning of a long list of projects we're working on."
The companies noted their strong outreach to customers in developing the relationship as well as identifying key areas and projects. Over the past year, top executives from both companies have spoken regularly to customers to get a better understanding of priorities and concerns. A key area for customers was product interoperability; in addition to the Web specifications, the companies also announced licensing agreements and product cooperation that address customer interoperability needs.
Web Single Sign-On (SSO)
The companies have jointly developed and published two draft specifications: Web Single Sign-On Metadata Exchange (Web SSO MEX) Protocol and Web Single Sign-On Interoperability Profile (Web SSO Interop Profile). These new specifications enable browser-based Web SSO between security domains that use Liberty ID-FF and WS-Federation. Products that support the Web SSO MEX Protocol and the Web SSO Interop Profile will enable companies to provide users with an improved Web SSO experience from their Web browsers.
As part of the companies' ongoing commitment to improving interoperability across their respective product lines, Microsoft and Sun also announced plans to support the new specifications within their product portfolios, including Microsoft Windows Server and Sun Java Enterprise System.
Microsoft and Sun welcome participation in the further development of these draft specifications through the Web services protocol workshop process, and ultimately will submit them to a standards organization for finalization and ratification as industry standards. Drafts of the new specifications are available on Microsoft's Web site and Sun's Web site for anyone to review and comment on.
"The integration of the products of these two companies is critical to General Motors," said Fred Killeen, director of Systems Development and chief technology officer for General Motors Information Systems & Services. "The reduction in integration cost and operational complexity will be a key enabler in implementing identity management initiatives for GM and for the industry as a whole."
"Finding ways to improve interoperability and reduce overlap between the Liberty Alliance specifications and the WS-* Web services architecture is a primary goal of the Liberty Alliance," said Michael Barrett, vice president, Security Strategy for American Express Co., and president of the Liberty Alliance from 2002 to 2004. "The Microsoft and Sun agreement showed a great deal of promise as a practical way to achieve that interoperability, and today's announcements go a long way toward enabling the interoperability that enterprises and vendors both need."
WS-Management Specification
Microsoft and Sun are collaborating on systems management to enable deep interoperability between their operating systems and management products. As part of this effort, the companies are collaborating on the development of WS-Management, a Web services specification, co-authored by Microsoft, Intel, Sun and other vendors, that defines a single protocol to meet management requirements spanning hardware devices, operating systems and applications. Sun will implement WS-Management in the Solaris 10 Operating System, management service processors in its x64-based Sun Fire servers and the Sun N1 management software tools, to provide full systems management interoperability across Solaris and Windows environments. In addition, Sun has created an implementation of WS-Management in the Java programming language that it plans to release to the open source community at http://www.java.net. WS-Management also is a key component of the Microsoft Dynamic Systems Initiative and will ship as a standard part of Windows Server 2003 starting with R2.
Windows on Sun
Microsoft and Sun are committed to addressing customer needs in the field of 64-bit computing. The Sun Fire x64 server for x64 systems and Sun Java Workstation product lines carry the Designed for Windows logo, have passed Microsoft's stringent compatibility testing suite and are listed in the Windows Catalogs. Sun and Microsoft also have signed an agreement providing Sun back-line support for Windows on Sun systems.
Systems Integrators
Leading system integration companies including Accenture, EDS and NEC Corp. also support the Sun and Microsoft relationship and are providing interoperability between Sun and Microsoft products for their customers.
"Accenture is deploying for clients numerous solutions that combine the Sun and Microsoft environments, which require that the J2EE and Microsoft .NET platforms interoperate," said Don Rippert, chief technology officer at Accenture. "Microsoft and Sun are building easy interoperation into their product sets. This allows the Windows platform and the Java Enterprise System to communicate to ensure heterogeneous management, transaction integration and common authentication. Sun and Microsoft are providing what our clients are increasingly demanding: best-of-breed options based on proven interoperability from their technology providers."
"EDS is excited to enhance its relationship with both Sun Microsystems and Microsoft, which is already strong under the EDS Agility Alliance," said Charlie Feld, executive vice president, Portfolio Management, EDS. "EDS brings considerable expertise in delivering solutions combining Sun and Microsoft products and is a key partner in qualifying, delivering and supporting Solaris 10 on SPARC and AMD Opteron platforms from Sun. EDS also delivers Windows-based solutions on the AMD Opteron-based Sun Fire hardware platform."
"NEC is a strong partner to both Sun and Microsoft, and has considerable expertise delivering best-of-breed middleware solutions and services that help customers deploy and manage Sun and Microsoft technologies and products in their heterogeneous environments," said Toshiro Kawamura, senior executive vice president and member of the board at NEC. "NEC strongly supports interoperability between Solaris/Java Enterprise System and Windows/.NET and is committed to expand our expertise to assist customers deploying advanced identity solutions."
Protocol License for Sun Ray Thin Client Solutions
The companies announced that Sun has licensed Microsoft's Remote Desktop Protocol and will implement it in its Sun Ray ultra-thin client product line in the near future. This means that users of Sun Ray thin clients now can access Windows Terminal Services running on Windows Server 2003.
Windows Terminal Services enables users to remotely access and display Microsoft Windows running on Windows Server 2003 from a wide range of client devices, including those that do not run on Windows.