Standing on the Shoulders of Giants
The inaugural face-to-face meeting of the OASIS WSFED TC will be held on June 6-7. As one of the authors of WS-Federation 1.1 I am delighted to have the opportunity for my work to be publicly reviewed and improved. It is my personal opinion that specifications are harder to get right than code. I don’t know about you, but I do not have a toolbox filled with compilers, debuggers and test-harnesses for developing good specifications.
That said, I have high confidence that WS-Federation 1.1 is a valuable specification, one that warrants the investment of my peers’ time and energy to participate in the public review and standardization process. Why do I believe this? Because we have had the advantage of “Standing on the shoulders of giants.” Much of our work has benefited from the technical accomplishments and customer engagements of colleagues in the Liberty Alliance Project and the OASIS Security Services (SAML) TC.
Like my good friend Kim Cameron I want to extend my appreciation and thanks to everyone in the Liberty and SAML communities for their years of hard work and outstanding contributions. And as he states so well, I want to affirm that the authors of WS-Federation 1.1 believe we have produced an evolutionary spec, not just an alternative one.
Liberty has contributed deeply to understanding a whole series of use cases and requirements, and the protocols, formats and concepts proposed by the SAML working groups have been an important step forward for all of us involved with identity. Nothing about WS-Federation invalidates this work.
On the other hand, technology doesn’t stand still. Think back to the days when SAML was first posited as an alternative to LDAP authentication. Those of us involved in LDAP from the very beginning didn’t for one minute take LDAP as the end of all thinking about attributes and identity. Ask LDAP guru Mark Wahl, or Bob “RL” Morgan or Keith Hazelton – people deeply involved in Kerberos and LDAP but just as willing to embrace new technologies like SAML as meeting new use cases.
Just as SAML broke new ground, WS-Federation is intended to address a number of things that people working in Web Services want better defined to facilitate interoperation using WS-Security and WS-Trust.
These protocols hadn’t even been invented when SAML evolved. The idea of claims transformation is the most important technical advance in distributed computing for at least a decade. It is so powerful that it wasn’t even fully understood until we began to build things with it. So how can anyone expect SAML to deal in an optimal way with the issues that ultimately emerged? This doesn’t detract from SAML’s successes. That’s not how software engineering works.
Many key contributors to the Federated Identity space have already joined the OASIS WSFED TC and will be participating in the meeting next week. A few friends and key colleagues are noticeably missing. WS-Federation would not be ready without the incredible contributions you have made to our industry, and the lessons we have all learned through your participation in other specification projects.
I sincerely ask that you come and help do it again.
thx — des