WS-Federation 1.1 embodies lessons learned from shipping products
Why is WS-Federation being republished and proposed for standardization now?
The original version of the WS-Federation specification was developed through open workshops and vendor interoperability testing, in keeping with the WS-* Specification Process. When WS-Federation 1.0 was published in July 2003, we anticipated two distinct types of federation clients: Active and Passive Requestors. At that time our focus was on Web Single Sign-on (Web SSO) for browser clients and web applications, so we drafted a profile for passive requestors.
Driven by customer demand for Web SSO solutions, numerous vendors built prototypes based on this fledgling profile. There was one defining event which convinced many of us that it was time to develop commercial products. This was the Multiprotocol Federation Interoperability Demonstration hosted by the Burton Group at their Catalyst Conference North America in July 2005. Today many vendors are shipping (or have announced development of) Web SSO products based on WS-Federation 1.0.
During this time the concept of Federated Identity has garnered a great deal of interest from a wide variety of sources. The computer, security and identity industries have come to greatly improve their understanding of the ways in which identity information is most effectively federated. Customer experience has indicated that an Active Requestor Profile is not required; SOAP requestors can use the WS-Trust protocol directly. Since support for browser-only clients is such a small part of WS-Federation, a separate Passive Requestor Profile is no longer warranted. The draft passive profile has been incorporated to ensure backwards compatibility with released products. The republication of WS-Federation 1.1 incorporates this improved understanding and enables several enhanced scenarios.
At the previously mentioned Catalyst Conference, Microsoft and IBM announced plans to submit three WS-* specifications, WS-Trust, WS-SecureConversation and WS-SecurityPolicy, to OASIS. The ratification of these specifications as OASIS standards is almost complete.
WS-Federation is the capstone of the web services security stack. A fundamental goal is to provide a common protocol for performing Federated Identity operations for both web services and browser-based applications. A common protocol simplifies product development, testing, deployment and maintenance for vendors and customers alike.
The authors of WS-Federation believe that this specification is ready to complete the journey begun in the WSS and WS-SX Technical Committees. Please join us in the WSFED TC and help ratify WS-Federation 1.1 as an OASIS standard.