Interesting post from James on the possibilities of Windows desktop systems being SAML identity providers (IdPs). Currently, a similar mechanism exists for desktop single sign-on from Windows (via SPNEGO , using Kerberos tokens, which, by the way, OpenSSO and Access Manager support directly, no IIS 'bounce' required), but this is limited to a single enterprise's AD infrastructure and can be pretty tricky to deploy. It's easy to imagine IE submitting SAML assertions to service providers at Internet

Ahh, I’ve been looking forward for this post for a looong time. We just made available for download the bits of the Beta of “Zermatt” Developer Identity Framework . “ Zermatt ” is the codename of a .NET framework that helps developers build claims-aware applications to address challenging application security requirements using a simplified application access model. Let me expand a bit on that. If you want to develop applications that take advantage of claims & identity Metasystem goodness in

Microsoft has released a beta of its most important developer tool to date

Brett McDowell, executive director of Liberty Alliance, is one of the founding members.

Amongst other things, those that attract lots of users.

Sean Nolan explains his approach to user-centric identity

Ping wins Morgan Stanley's CTO Summit Innovation Award

OASIS Open Standards Forum 2008 , Ditton Park Road Datchet , Slough Berkshire SL3 9LL , Near London , SL3 9LL , (44) (0) 1753 242880 OASIS Open Standards Forum 2008 September 30-October 3, 2008 Topics include, but are not limited to: High-level overviews of security challenges, and the landscape of security standards being developed to address them Case studies, requirements, deployment overviews, profiles from specific sectors or application areas (e-governments, telecom, financial services, healthcare...)

The power of bookmarklets is still to be seen in many situations. Consider the "Where Are You From?" (WAYF) problem, a common issue with federation technologies. The simple question of where to send the user to complete a federated authentication is one of the more complicated and error prone issues in identity federation. The key metrics for any WAYF solution are that the user should have the opportunity to choose any relevant identity context and the process should be hard for a RP to subvert.

The Sun Developer Network 's Marina Sum spent some time recently talking to my fellow Federated Access Manager architect Rajeev Angal about Virtual Federation , a new feature forthcoming in Sun Federated Access Manager 8.0 (but available now, of course, in OpenSSO ). Virtual Federation promises to simplify federation by allowing legacy applications to interact across enterprise boundaries via a SAML 'tunnel'. Read the interview for an overview of Virtual Federation. I'll try to persuade Rajeev to