One year after IBM and Microsoft Corp. released a number of standards for securing Web services, Arvind Krishna (seen above), vice president of security products for Tivoli software from IBM, said 2004 is the year enterprises will really begin to use federated identity to protect computing environments. Krishna, who is instrumental in managing the path IBM takes in this new arena, said IBM and Microsoft will need to work with the Liberty Alliance to ensure that one standard emerges for federated identity.
eWEEK Labs Senior Writer Anne Chen recently spoke with Krishna about IBM’s role in Web services security standards, how the WS-Federation framework (from the Web Services Interoperability Organization backed by IBM and Microsoft) will play nice with Liberty Alliance and how federated identity will change enterprise computing.
Vendors have been talking about federated identity as the next big thing for more than a year now. What makes 2004 different?
Both the Liberty Alliance and WS-I released standards last year, and now the standards are reasonable enough that an enterprise can begin to do an implementation and deployment using those standards.
Enterprises are now ready to begin their first projects to leverage these technologies for a crucial business division. In this year, we’ll really see deployments that leverage technologies to solve problems we just could not solve before. Web services will enable us to knit together one vendor’s set of products with that of another vendor’s to leverage everything, and I think this will happen in a big way this year.
The idea that an enterprise can present all these different services to a customer using one interface is just tremendous.
What are some other drivers for the move toward federated identity?
Compliance is a huge issue this year because it comes in many flavors and forms. Enterprises need to be compliant with the rules and regulations under which their business or industry operates.
Beyond legal rules, enterprises are becoming increasingly concerned with what could be perceived as bad behavior. They want to be models of good corporate governance beyond basic laws and are looking for solutions and technologies that will help them to achieve these goals.
What are some common misconceptions about federated identity and Web services?
Are we going to re-engineer old applications to work with federation? No. But we will use it in new markets to do just that. There is no cost benefit to re-engineer legacy applications, but on a Web site, there is only benefit to provide 17 different services [with] only one sign-on that enables you to use all of those services. Enterprises need to look at federation as an effective way to solve problems for new applications.