Dr. John Gøtze, a Danish e-government consultant and OASIS IT contractor, provides more background on the Danish government’s decision around requiring SAML V2.0 support. His colleague in the Danish Ministry of Technology, Science and Innovation sent an open letter to Microsoft a couple of months ago. A snippet:
- You are cited saying: SAML 2.0 protocols are fine for strictly Web single sign-on. In your view is exchange of attributes, and assertions about access rights a part of Web single sign-on? Or do you assert that SAML 2.0 isn’t well suited for these tasks?
- You are cited saying: SAML 2.0 does not have reliable messaging or transaction support. As far as we can tell neither has WS-Federation, and obviously such functionality should be covered in standards that focus on reliable messaging and transaction, so is your position that SAML 2.0 will not work well with the standards for reliable messaging and transactions that OASIS is working to finalize?
- What other motivations does Microsoft have for not supporting SAML 2.0 in the currently released product?
Pretty direct questions… Dr. Gøtze plans to follow up to find out if there was a response that can be shared. The letter was directed to Don Schmidt, a Microsoft guy I like and respect (and blogged a picture of…). It will be interesting to find out more about how this played out.
The open letter is very interesting, though it appears to be addressed to someone else at Microsoft. I couldn’t understand the “You are cited saying” pieces until I got to this part:
“So far our only source for information has been news articles (as in http://www.infoworld.com/article/05/11/17/HNmssaml2support_1.html) about your decision not to support SAML 2.0. These articles may not contain a valid representation of your message, and even if this is the case really their content doesn’t help us understand the Microsoft motivation.”
about an appeal to have support for SAML 2.0 in Microsoft Active Directory. It will be interesting to find out what the official response is.
Dr. Gøtze explains that the letter was routed through Microsoft Denmark to Don S. He does seem to know the back story, so I’m assuming he’s correct on this; you’re right that Don’s name isn’t mentioned in the letter.
The PDF Eve and I link to is a copy of an email from the Ministry of Science, Technology and Innovation sent to Anders Nørskov, who is Public Sector Strategy Manager in Microsoft Denmark. The blurb in Danish first is a greeting followed by a request to forward the letter to Don Schmidt.
To give a bit more context, the letter is sent on behalf of the National IT Architecture Committee. See the various docs, in Danish, here: http://www.oio.dk/arkitektur/fora/OIO-it-arkitekturkomiteen/moder/210306
There is an 11-page, solidly argued background document, again in Danish. I hope Søren Peter from the ministry, who wrote that doc, will make an English translation, because it’s very good stuff.
For the record, Søren Peter is a _former_ colleague of mine (I left the ministry last year).
The IDABC-news story is more or less a literal translation of the decision made by the committee (i.e., the press release that was launched after the decision).
Thanks so much for providing this additional information! I wonder if poor Mr. Peter, on his holiday, senses that some people are breathlessly awaiting his return. :-)