Liberty Alliance ID-WSF Framework
Mikko Laukkanen
Introduction
Liberty Alliance Standards for federated identity
What is federated identity?
A set of attributes on various accounts with different service providers (name, address, phone number, credit card number)
Liberty provides standards for delivering identity-based Web services
Terminology
Principal (end-user) is a system entity whose identity can be authenticated
Identity provider (IdP) authenticates and manages identity information of end-users
Service provider (SP) is typically a website or a web service which provides end-users with services
Circle of Trust (CoT) is a federation of service providers and identity providers
Identity service stores and provides end-user's identity information to other components (mainly SPs)
Discovery service facilitates the registration and the discovery of identity service instances
Web service consumer (WSC) makes requests to a Web service, and is usually a service provider
Web service provider (WSP) implements a Web service
Players on the Field
End users: simplicity, personalized services
Identity providers: large (customer) base of identities; authentication and identity service hosting
Service providers: simplicity, ease of deployment; large customer base
Hardware/software vendors: Liberty-enabled devices, products, and platforms
Three Phases of Specifications
Bootstrapping ID-WSF with ID-FF
[Figure: numbered message flow spanning ID-FF and ID-WSF, between End-user, SP / WSC, IDP, DS, WSP (Prefs) and WSP (Geoloc)]
(1) "Give me service!"
(2) "Who is this guy?"
(3) "Who are you?"
(4) "I'm Mikko!"
(5) "He is Mikko."
(6,7) "Where are Mikko's prefs?"
(8,9) "Here are Mikko's prefs."
(10,11) "Where is Mikko's geoloc?"
(12,13) "Here is Mikko's geoloc."
ID-WSF Framework
ID-WSF Specifications
SOAP Binding Specification
Discovery Service Specification
Security Mechanisms Specification
Interaction Service Specification
Data Services Template Specification
Personal and Employee Profiles
Supportive ID-WSF Documents
ID-WSF 2.0
SAML 2.0
People Service
Advanced DST support
Improved LUAD
Mobile Aspects of ID-WSF
Liberty Reverse HTTP Binding for SOAP Specification (PAOS)
Client Profiles for Liberty-enabled User Agents or Devices (LUAD)
Authentication Service Specification
Use Case of ID-WSF Based Service
Use Case Remarks
Browser-based interactions: many steps require user interactions (initial service access, authentication, consent, selection of restaurant, ...)
LUAD-based interactions: many steps can be delegated to software agents (initial service access, authentication, even consent?)
Fully implementable using currently available Liberty platforms and devices
Discussion and Future of ID-WSF
Liberty work is driven by market needs
ID-WSF technical work is done, excl. the finalization of ID-WSF 2.0
Liberty does not take a stance on mobile aspects, other than PAOS and LUAD
Future work includes developing business guidelines and best-practices documents
... and specification work for strong authentication (ID-SAFE)
Thank you!
Questions & Comments?