Sun's new Access Manager is now OpenSSO Enterprise Felix Gaehtgens of Kuppinger Cole gives some in-depth info on OpenSSO Enterprise 8.0 (registration required). (tags: federation identity saml opensso accessmanager kuppingercole felixgaehtgens sun )

A couple of weeks back at DIDW 2008 , I reported on a proof-of-concept that we put together at Intel where we combined Cardspace with our Identity Capable Platform (ICP) to show how ICP could extend/strengthen a cardspace deployment. While we used Cardspace in this demonstration, the code should work with any Identity Selector conforming to the Identity Selector Interoperability Profile. For those of you who don't know, ICP is a research project we have been working on at Intel exploring how identity

Kim Cameron writes of Google's failing to scope SAML assertions : But according to the research done by the paper’s authors, the Google engineers “simplified” the protocol, perhaps hoping to make it “more efficient”? So they dropped the whole ID and scope “thing” out of the assertion. All that was signed was the client’s identity. The result was that the relying party had no idea if the assertion was minted for it or for some other relying party. It was one-for-all and all-for-one at Google. While

Jeff responds to my note earlier suggesting that using psudonymous identifiers adds security depth: This is a very dangerous suggest as it implies that SAML is not secure enough without pseudonymous identifiers, the use of which makes SAML deployment a lot more complicated. Pseudonymous IDs are for privacy not security. If your system requires them to be secure, you have done something wrong. Period. I was in no way suggesting that SAML was not secure enough. However, I am of the opinion that any

I moderated a session at the recent SSO Summit titled “What is OAuth and WS-Trust, and where does it fit into your web services SSO initiatives“. “User-centric identity” is past-its-prime and “Identity as a Service‘ has already been beaten enough. And hence I was glad to get a chance to dig into the services/API use cases [...]

I mentioned that I was looking for new opportunitie s but I have decided to concentrate my independent Microsoft .NET consulting on all things Connected Systems and Messaging. I see many shops around the country struggling with WCF and WF. In this area, I have been a part of the WCF and WF SDRs for 4 years now since the beginning and part of the large 2-year WCF and WF effort at Algorithmics. I am available, on a consulting basis , to help you with your WCF, WF and BizTalk needs. In addition, I believe

Interesting post from James on the possibilities of Windows desktop systems being SAML identity providers (IdPs). Currently, a similar mechanism exists for desktop single sign-on from Windows (via SPNEGO , using Kerberos tokens, which, by the way, OpenSSO and Access Manager support directly, no IIS 'bounce' required), but this is limited to a single enterprise's AD infrastructure and can be pretty tricky to deploy. It's easy to imagine IE submitting SAML assertions to service providers at Internet

YAF? (“Yet Another Foundation?”) Some in the identity community have had that reaction to the announcement of the Information Card Foundation (ICF) today at the start of the Burton Catalyst conference in San Diego. As one of two members of the ICF board who also serve on the OpenID Foundation (OIDF) board (Mike Jones is the [...]

We have just enabled SignOn.com as an Auto-Connect IdP end point. What does this mean? If you are an SP and are interested in evaluating Auto-Connect, you can now use SignOn.com as an IdP to validate your setup. The short version A few months ago, Ping Identity announced the concept of Auto-Connect. Auto-Connect [...]

The power of bookmarklets is still to be seen in many situations. Consider the "Where Are You From?" (WAYF) problem, a common issue with federation technologies. The simple question of where to send the user to complete a federated authentication is one of the more complicated and error prone issues in identity federation. The key metrics for any WAYF solution are that the user should have the opportunity to choose any relevant identity context and the process should be hard for a RP to subvert.