Microsoft passes its first SAML 2.0 interoperability test

Microsoft's federated identity platform passed its first SAML 2.0 interoperability test with favorable marks, signaling the end to the vendor's standoff against the protocol. The eight-week, multivendor interoperability workout conducted by the Liberty Alliance and the Kantara Initiative also resulted in passing marks for two other first-time entrants – SAP and Siemens. Return testers Entrust, IBM, Novell and Ping Identity also passed. Results were announced Wednesday. "The Liberty Interoperable testing was a great opportunity to verify that Active Directory Federation Services (AD FS) 2.0 is interoperable with others' SAML 2.0 implementations.

This should give our customers confidence that their federation deployments using ADFS will 'just work,'" says Conrad Bayer, product unit manager for federated identity at Microsoft. The company previously supported the SAML token, but never the transport profiles of the protocol. "It is significant that Microsoft participated given their previous stance on the SAML protocol," says Gerry Gebel, an analyst with the Burton Group. "For the first product version that supports SAML, they have covered the core bases." Microsoft's interoperability testing focused on SAML's Service Provider Lite, Identity Provider Lite and eGovernment profiles. In the past, Microsoft has been dismissive of the Security Assertion Markup Language (SAML), a standard protocol for exchanging authentication and authorization data between and among security checkpoints, preferring the WS-Federation and other protocols it helped develop. The company says it plans to support other SAML profiles based on demand. In addition, it was the first test to include an international group to test the eGovernment SAML 2.0 profile v1.5. The test featured the United States, New Zealand and Denmark. "The fact that we were able to put so many new implementations through a full matrix, rigorous interoperability test speaks to the maturity of the SAML 2 protocol," says Brett McDowell, executive director of the Kantara Initiative. "And it is not just implementation; there is a tremendous amount of deployments." "Full matrix" testing means all participants must test against each other. The interoperability event featured the largest group of participants ever for the testing, which has been run twice previously.

The test was conducted over the Internet from points around the globe using real-world scenarios between service providers and identity providers as defined by the SAML 2.0 specification. ADFS 2.0 is part of a larger identity platform that includes Windows Identity Foundation and Windows Cardspace. Microsoft participated in the testing with Active Directory Federation Services 2.0 (formerly code-named Geneva), which is slated to ship later this year. Microsoft said earlier this year it would have SAML 2.0 certification before it released Geneva. ADFS 2.0 provides identity information and serves as a Security Token Service (STS), a transformation engine that is key to Microsoft's identity architecture. The SAML profiles ADFS 2.0 supports cover the core features of federation.

ADFS lets companies extend Active Directory to create single sign-on between local network resources and cloud services. It wasn't all smooth sailing for Microsoft, however, as some participants reported problems using Internet Explorer 6.0 and 7.0 for SAML single sign-on, which is primarily a Web browser action. The issue was noted in a report by the Drummond Group, which conducted the testing, and centered on long URL values mostly when encryption was enabled during specific operations. Internet Explorer does not accept URLs longer than 2,083 characters. Testers got around the issue by using other browsers. Microsoft tested against IE 8 and Firefox 3.5.2. While Microsoft's participation was an important milestone for the advancement of SAML, McDowell says the current testing is significant on other fronts.

The test marks a transition with the Kantara Initiative now taking over future tests. The group will adopt the Liberty Alliance testing methods and expand the scope of tests to include other protocols in addition to SAML. And it will build off the eGovernment profile testing as new profiles for other vertical markets, including healthcare and telecommunications, are developed. "Having countries come together and agree on a deployment profile, that is not to be understated," McDowell says. The level of cooperation between governments will serve as a model for other industries, he says. In addition, next year Kantara will pick two other protocols to test from a list made up of WS-Security, Information Card, Identity Metasystem Interoperability, OAuth and XRD. Kantara also will take cues from Project Concordia and eventually begin to test cross-protocol interoperability.

The next Kantara interoperability test is slated for next year.

Undercover 1.5 ousts iPhone thieves with push notifications

It's 2 AM. Do you know where your iPhone is? Well, maybe you do, thanks to MobileMe's "Find my iPhone," but what if you're not a MobileMe subscriber? What if you want an app devoted to recovering a stolen iPhone or iPod Touch, one that has a few more tricks up its sleeve?

That's exactly what Orbicule's Undercover for iPhone is. We've already covered this app and its Mac OS X cousin, back when push notifications were little more than a bullet point on a wish list, but times have changed. Our iPhones are now smarter, faster, stronger, better, and able to let third-party apps do more than ever. Back in the 1.0 days, when Undercover was just a wee lad, you had to fool your iPhone's captor into launching the app before it was able to transmit its location.

Not an easy task: Thanks to App Store policy, apps cannot change their names or icons, and I'm guessing that all but the thickest criminals knew better than to launch an application called "Undercover." Now you have the ability to send push notifications with any message of your choosing directly to the iPhone (yes, just like MobileMe). But the comparisons end there. You can make the messages as enticing as you want, say, by having them pretend to be a notification from your bank account. If the crook chooses to view the push notification, Undercover will launch, disguised either as a game that's taking its sweet time to load or loading any Website of your choosing, such as the aforementioned bank's. While the thief is distracted, Undercover will be happy to save the device's GPS coordinates and IP address to Orbicule's Website. They'll also be sent directly to any police officer you've contacted to work on the case and registered in Orbicule's Undercover Center. Each time that Undercover launches, it will save a new set of coordinates that you can view in Google Maps. Orbicule has made a video to demonstrate this killer feature.

It looks as though this app could be used not only as an alternative to Find My iPhone, but a nice companion app as well. You could use Find My iPhone to collect live GPS information from MobileMe and log a record of GPS coordinates via Orbicule, submitting it all to the police. It's still far from perfect, at least until (or unless) Apple can be made to change their iPhone app policies to let third-party apps like Undercover do a little more. Undercover for the iPhone costs $5 and works on all iPhones and iPod touches. It requires iPhone OS 3.0 or later.

Smartphones surge globally in Q3, despite recession

Smartphone shipments were up 4.2% globally in the third quarter and reached a record total for a quarter despite the poor economy, market research firm IDC said today. IDC analyst Ramon Llamas said the demand in the third quarter was strong, as it has been all year, noting that smartphones offer entertainment and a variety of functions that aren't available in traditional mobile phones. "As users expect greater functionality from their devices beyond telephony, we believe the [smartphone] market will continue to grow faster than the overall mobile phone market," Llamas said in a statement. Smartphone vendors shipped 43.3 million smartphones, such as the iPhone, in the third quarter, up 4.2% over the 41.5 million shipped in third quarter of 2008, IDC said. IDC analyst Will Stofega added that the Android operating system, which runs on devices from several manufacturers with more to come, has added to interest in smartphones. He said he expects Android to pose a "serious challenge" to incumbent smartphones such as iPhones, Blackberries and those running Windows Mobile.

Even though the iPhone gets most of the attention in the U.S., with more than 40 million units sold globally in more than two years, Nokia is still the global leader in smartphone shipments, IDC noted. Its flagship product is the N97, but it also has announced the N900, which runs the Maemo mobile Linux operating system. Nokia saw a 6.6% growth in smartphone shipments, to 16.4 million, in the third quarter, compared with 15.4 million in the same quarter of 2008. That gave Nokia nearly 38% of the smartphone market. Research in Motion, maker of several popular BlackBerry devices, was second, with 19% of the market in the quarter, having shipped 36% more smartphones in the third quarter, for a total of 8.2 million, IDC said. Apple shipped 7.4 million devices, up 7% over the third quarter of 2008, giving it third place in smartphone shipments, or 17% of the market. IDC did not compile the total for all Android or Windows Mobile devices, which run over a variety of devices.

For the other device makers, HTC finished fourth with 5.6% of the shipments, or 2.4 million shipped. Samsung was fifth, with 3.5% of the market or 1.5 million shipped. All others totaled nearly 17% of the market, with 7.3 million shipped. In addition to being the most shipments for a single quarter, the third quarter total of 43.3 million was up 3.2% from the 41.9 million shipped in the second quarter of 2009, IDC added.

Is Facebook Prepping a New Homepage?

New tweaks to the Facebook homepage have been spotted in the wild that may make it easier to see what's going on within your network. Screenshots of the new homepage first appeared on The Next Web, and Inside Facebook. New features include improved filters for the newsfeed, a revised right-hand column and a new Publisher box reminiscent of Facebook Lite. A Facebook spokesperson has confirmed the social network is currently testing new homepage designs. Still, without explicit confirmation the new features should be considered rumor.

Facebook Publisher

The most obvious change of the proposed redesign is the disappearance of the "Publisher" box where you post status updates, Web links, photos, videos and events. Instead, you would simply have an "Update Status" button on the far right side of the news feed. There are no screen shots showing how this button works or if it contains the same functionality as the Publisher, but I would assume it would do the same job.

News Feed Filter

Where the Publisher typically sits, Facebook has placed a filter for your News Feed called 'View Top News.' The new filter looks like it functions similarly to the 'Comments' link now sitting in the left-hand column of your Facebook homepage. Next to the top news filters is a title that looks like it alternates between headlines like 'Evening News' and 'Recent Stories' depending on the time of day you're viewing it. The central placement of the top news filter may make it a more popular feature by helping users keep tabs on any Facebook activity they may have missed. As Mashable points out, the new filter is similar to FriendFeed's Best of Day feature. Although the new filter is just a minor tweak, this may be the first visible sign of FriendFeed-like features on Facebook.

Right-Hand Column

Another interesting tweak is the removal of the 'Highlights' section in the right hand column. This brings the 'Events' feature closer to the top of the page making it easier to see upcoming birthdays, parties and other events within your network. This is a welcome change since it moves more useful information to a place where you might actually see it. It's interesting to note that this tweak would make the Facebook home page closer to the failed redesign that Facebook users revolted against back in March.

Facebook's Dark Past with Redesigns

Until Facebook makes an announcement about new features, it's hard to know what new redesigns users will see. It should also be noted that the rumored tweaks look similar to features found in Facebook Lite, which makes me wonder if this just isn't a revision of that format. Of course, even if Facebook rolls out some new homepage features, there's no guarantee they'll stick around. When Facebook caved to its user base earlier this year over a significant homepage redesign, I thought the social network made a huge mistake. I, for one, actually like the failed redesign, and the hodgepodge revision we ended up with had some serious flaws, like the poor placement of the 'Events' section. If users revolt once more, which I'm sure they will, Facebook should grow a pair and stick to its redesign plans.

Intel announces storage- and communications-specific processor

Intel Corp. today announced it will be shipping an enhanced version of its dual-processing Nehalem Xeon chip that is aimed specifically at the data storage and communications market with the ability to natively create RAID and is integrated with PCI Express (PCIe). Intel debuted its new Nehalem-based Xeon microprocessor code-named Jasper Forest in April. The processors, due out in December, are aimed at applications such as ultra-dense blades, IPTV, VoIP, network-attached storage (NAS) and storage area networks (SAN). Intel said the enhanced processor lowers system power consumption by 27 watts when compared to the Intel Xeon 5500 series and it integrates two Jasper Forest processors with 16 PCIe Generation 2.0 lanes each and is paired with the Intel 3420 chipset platform controller hub. The new Jasper Forest processors are capable of configuring storage as a RAID 5 or 6, protecting against single or dual disk failure, respectively. "Nehalem cores are quite powerful, but customers still want to be able to offload storage functions to a core, especially when you get down into two-core and single core versions of processors, really simplifies the architecture," said Seth Bobroff, general manager of Intel's Server Platforms Group.

This integration of the I/O hub via PCIe enables significant power and space savings, resulting in one of the highest performance-per-watt Intel Xeon chips ever. Jasper Forest provides a scalable option to system designers with a single-core, 23-watt processor to a quad-core, 85-watt processor using the same socket. The processors, which come in single or quad-core models, will offer a bridging functionality that allows multiple systems to connect over a PCIe link, removing the need for an external PCIe switch. The chips will also protect against data loss in case of a power failure with a function called Integrated Asynchronous Dynamic Random Access Memory Self-Refresh memory. The feature automatically detects a power failure as it's happening and allows memory controller sequences to finish and forces the system memory to a self refresh before shutting down. Bobroff said that in terms of work load consolidation, the new Jasper Forest chip can natively handle storage management processing functions such as data deduplication, data snap shots, storage virtualization and any basic storage management requirements. "All the control and management aspects of storage management systems and with RAID being integrated into a CPU can simplify hardware and software design," he said. "There's no hardware acceleration for algorithms like we have here." The processor is also suited to support the Storage Bridge Bay specification, which is currently being developed as a way to plug control boards directly into storage arrays, allowing for a denser architecture. Today, storage controllers require a separate blade slot.

The processors will be offered with 7-year lifecycle support.

Sun to cut 3,000 jobs as Oracle awaits approval for deal

Sun Microsystems will lay off up to 3,000 workers over the next 12 months as Oracle awaits approval from European regulators for its acquisition of the company. In a filing with U.S. regulators Tuesday, Sun said it was making the cuts "in light of the delay in closing the acquisition." It said the move will "better align the company's resources with its strategic business objectives." Sun will take a charge of $75 million to $125 million for the job cuts, mostly for cash severance payments, it said. It expects to incur most of the charges in the second and third quarters of its fiscal year, which means the current calendar quarter and the first three months next year. Sun is losing US$100 million a month while it awaits approval for the deal, Oracle CEO Larry Ellison said last month, so news of the layoffs came as no great surprise.

Job cuts were a likely consequence of the deal in any case. Tony Sacconaghi, a technology analyst with Sanford C. Bernstein & Co., has said Oracle may cut up to 10,000 jobs once the deal is complete. Sun already announced plans last November to axe between 5,000 and 6,000 jobs to improve its financial position. The cuts announced Tuesday, which amount to about 10 percent of Sun's workforce, are in addition to the earlier reductions, a Sun spokeswoman said. The U.S. Department of Justice approved Oracle's $7.4 billion acquisition of Sun in August, but the European Commission has launched an investigation that could last until January.

The regulators say they are concerned about the effect that Oracle's ownership of Sun's MySQL database will have on the open-source software market.