Sun's new Access Manager is now OpenSSO Enterprise Felix Gaehtgens of Kuppinger Cole gives some in-depth info on OpenSSO Enterprise 8.0 (registration required). (tags: federation identity saml opensso accessmanager kuppingercole felixgaehtgens sun )

Interesting post from James on the possibilities of Windows desktop systems being SAML identity providers (IdPs). Currently, a similar mechanism exists for desktop single sign-on from Windows (via SPNEGO , using Kerberos tokens, which, by the way, OpenSSO and Access Manager support directly, no IIS 'bounce' required), but this is limited to a single enterprise's AD infrastructure and can be pretty tricky to deploy. It's easy to imagine IE submitting SAML assertions to service providers at Internet

The power of bookmarklets is still to be seen in many situations. Consider the "Where Are You From?" (WAYF) problem, a common issue with federation technologies. The simple question of where to send the user to complete a federated authentication is one of the more complicated and error prone issues in identity federation. The key metrics for any WAYF solution are that the user should have the opportunity to choose any relevant identity context and the process should be hard for a RP to subvert.

| View | Upload your own Slideshare doesn’t handle animation very well. So…here is a run down on the last demo. In addition to inter-operating with other participants, I demoed login to Google Apps, using a server from Ping, CardSpace from Microsoft and an Information Card from Sun. In terms of platform, Sun’s servers were [...]

I’ll be at RSA Conference next week participating in the following events. Concordia What: The current goal is to demonstrate that SAML, WS-Fed and Information cards can co-exist and some of use cases where it makes sense. For instance, if you already have a federation setup (using SAML or WS-Fed), you can leverage Information Cards as [...]

Trust is the business word for love. Identity Federation is the cello tape that ties the business world together. Federation car needs to hitch on the train that is online collaboration. Borrowing from one of ***’s presentation - federation needs to become a Viagra solution (i.e. giving more powers) and not just a painkiller (i.e. solving an [...]

Nan-in, a Japanese master during the Meiji era (1868-1912), received a university professor who came to inquire about Zen. Nan-in served tea. He poured his visitor’s cup full, and then kept on pouring. The professor watched the overflow until he no longer could restrain himself. “It is overfull. No more will go in!” “Like this cup,” Nan-in said, [...]

To date, the vast majority of real-world federation roll-outs have been internal or enterprise type deployments. Things like an enterprise authenticating its users out to an outsourced provider (such as a Fidelity 401K, or AOL's Radio Service). Yes there are many exceptions to this general statement (you can see many of them on Liberty's Adoption Page ), but that is the general view of the industry and I certainly don't knowingly use federation in any cross-provider operations. The time has come

I recently received a comment on my SAML Bashing blog entry. "Jeremy" (not sure which Jeremy as he was otherwise anonymous in his comment -- I wonder if it's really James in disguise -- this seems the kind of comment James would leave, but James is usually quite blatant about it, not hiding behind an identity pseudonym) asked: Kim stated "The question of how the relying party knows which identity provider URL to use is open ended. In a portal scenario, the address might be hard wired, pointing to