Sun's new Access Manager is now OpenSSO Enterprise Felix Gaehtgens of Kuppinger Cole gives some in-depth info on OpenSSO Enterprise 8.0 (registration required). (tags: federation identity saml opensso accessmanager kuppingercole felixgaehtgens sun )

A couple of weeks back at DIDW 2008 , I reported on a proof-of-concept that we put together at Intel where we combined Cardspace with our Identity Capable Platform (ICP) to show how ICP could extend/strengthen a cardspace deployment. While we used Cardspace in this demonstration, the code should work with any Identity Selector conforming to the Identity Selector Interoperability Profile. For those of you who don't know, ICP is a research project we have been working on at Intel exploring how identity

Kim Cameron writes of Google's failing to scope SAML assertions : But according to the research done by the paper’s authors, the Google engineers “simplified” the protocol, perhaps hoping to make it “more efficient”? So they dropped the whole ID and scope “thing” out of the assertion. All that was signed was the client’s identity. The result was that the relying party had no idea if the assertion was minted for it or for some other relying party. It was one-for-all and all-for-one at Google. While

Jeff responds to my note earlier suggesting that using psudonymous identifiers adds security depth: This is a very dangerous suggest as it implies that SAML is not secure enough without pseudonymous identifiers, the use of which makes SAML deployment a lot more complicated. Pseudonymous IDs are for privacy not security. If your system requires them to be secure, you have done something wrong. Period. I was in no way suggesting that SAML was not secure enough. However, I am of the opinion that any

I moderated a session at the recent SSO Summit titled “What is OAuth and WS-Trust, and where does it fit into your web services SSO initiatives“. “User-centric identity” is past-its-prime and “Identity as a Service‘ has already been beaten enough. And hence I was glad to get a chance to dig into the services/API use cases [...]

We have just enabled SignOn.com as an Auto-Connect IdP end point. What does this mean? If you are an SP and are interested in evaluating Auto-Connect, you can now use SignOn.com as an IdP to validate your setup. The short version A few months ago, Ping Identity announced the concept of Auto-Connect. Auto-Connect [...]

I am horribly behind schedule with my blog, I still have to post a wrapup of IIW but didn't find the time so far; however I want to quickly comment on the recent coverage of the Fedlet (see Pat himself here and Paul here ). I attended the nice IIW session during which Pat demonstrated the fedlet. I found it interesting and strangely familiar.At a certain point I could not help myself and asked: "Pat, just for the sake of expressing things in the terminology of a domain I am comfortable with: would

| View | Upload your own Slideshare doesn’t handle animation very well. So…here is a run down on the last demo. In addition to inter-operating with other participants, I demoed login to Google Apps, using a server from Ping, CardSpace from Microsoft and an Information Card from Sun. In terms of platform, Sun’s servers were [...]

I’ll be at RSA Conference next week participating in the following events. Concordia What: The current goal is to demonstrate that SAML, WS-Fed and Information cards can co-exist and some of use cases where it makes sense. For instance, if you already have a federation setup (using SAML or WS-Fed), you can leverage Information Cards as [...]

Share with everyone (a.k.a OpenID) Share with a selected few (a.k.a Shibboleth/InCommon) Share with the chosen one (a.k.a SAML, WS-Fed) Share with no one (a.k.a my kids and of course the identity silos). No Tags