Chapter 11. Interoperability Standards

Interoperability is the most significant challenge to any enterprise contemplating building an identity management infrastructure. As a result, there are a number of standards bodies working to build a common foundation in some of the areas of digital identity management that we've already discussed, including:

This chapter briefly describes the problem domains and some of the standards being developed to address them. The idea is not to provide detailed tutorials on any standard, but rather to familiarize you with the ideas, concepts, and working models behind them.

This chapter will discuss several specific standards in these problem domains, including SAML, SPML, and XACML. Of these, SAML has wide industry adoption and the standard is well developed. The other two are not as widely supported. SPML has some adoption, but the standard is still undergoing transition and improvement. I'm not convinced that XACML, as it is defined now, will ever be widely adopted.

Why discuss standards that aren't fully baked? Simply because such standards represent a class that fits a problem domain. If XACML doesn't make it, something like it will. In Chapter 5, we discussed the digital identity management lifecycle. Figure 11-1 shows the lifecycle with each phase annotated with the name of a standard that supports it. You can see that SPML and XACML both fill important needs in the lifecycle.


These standards are all based on XML. XML is the de facto language for designing standards because of the wide variety of tools for creating, managing, and using XML. While using these standards to solve identity problems requires XML expertise, our discussion will not require much more than a passing acquaintance with XML.