Interoperability between Heterogeneous Federation Architectures: Illustration with SAML and WS-Federation

Abstract

Digital identity management intra and inter information systems, and, service oriented architectures, are the roots of identity federation. This kind of security architectures aims at enabling information system interoperability. Existing architectures, however, do not consider interoperability of heterogeneous federation architectures, which rely on different federation protocols. In this paper, we try to initiate an in-depth reflection on this issue, through the comparison of two main federation architecture specifications: SAML (Security Assertion Markup Language) and WS-Federation. We firstly propose an overall outline of identity federation. We furthermore address the issue of interoperability for federation architectures using a different federation protocol. Afterwards, we compare SAML and WS-Federation. Eventually, we define the ways of convergence, and therefore, of interoperability.