ID-WSF

Last updated

In computer networking, Identity Web Services Framework is a protocol stack that profiles WS-Security, WS-Addressing, SAML and adds new protocol specifications of its own, such as the Discovery Service, for open market per user service discovery, and the People Service for delegation and social networking.

Contents

Development

The ID-WSF stack was developed by the Liberty Alliance. The first release, ID-WSF 1.0 (and subsequent 1.1 and 1.2) were released in 2003. ID-WSF1 was interoperability tested [1] among several vendor implementations, which received certification from the Liberty Alliance.

However, the first version of ID-WSF was not widely adopted. Perhaps the only significant adoption was by France Telecom and the French government's Mon Service Public. Some adoption happened in Japan as well. Liberty Alliance proceeded to create an improved version, the ID-WSF 2.0 in 2006, which included harmonization with certain WS-* technologies, such as WS-Addressing and WS-Security. These changes were vigorously, and successfully, lobbied by Conor Cahill of AOL (at the time). ID-WSF 2.0 interoperability certification was participated by several major league vendors, as well as by startups and open source projects. [2]

Since then, ID-WSF 2.0 has become the only widely accepted interoperable profile of WS-* technologies. Its strength is essentially in narrow focus where tight enough profile for interoperability was specified. ID-WSF 2.0 interoperability certification by Liberty Alliance was accomplished by several vendors, including some open source.

ID-WSF 2.0 has been adopted as standards base by the Finnish e-government project and by the European Commission FP7 project TAS3.

List of Implementations of ID-WSF

Related Research Articles

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services. UPnP is intended primarily for residential networks without enterprise-class devices.

Web Services Security is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS.

Liberty Alliance

The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.

Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Shibboleth (software) Internet identity system

Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.

OpenID Open and decentralized authentication protocol standard

OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by cooperating sites using a third-party identity provider (IDP) service, eliminating the need for webmasters to provide their own ad hoc login systems, and allowing users to log into multiple unrelated websites without having to have a separate identity and password for each. Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign onto any website that accepts OpenID authentication. Several large organizations either issue or accept OpenIDs on their websites.

Windows CardSpace Discontinued identity selector app by Microsoft

Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

The Devices Profile for Web Services (DPWS) defines a minimal set of implementation constraints to enable secure web service messaging, discovery, description, and eventing on resource-constrained devices.

OPC Unified Architecture is a machine to machine communication protocol for industrial automation developed by the OPC Foundation. Distinguishing characteristics are:

Web Single Sign-On Interoperability Profile is a Web Services and Federated identity specification, published by Microsoft and Sun Microsystems that defines interoperability between WS-Federation and the Liberty Alliance protocols.

Information card

Information cards are personal digital identities that people can use online, and the key component of an identity metasystem. Visually, each i-card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select one they want to use for any given interaction. The information card metaphor is implemented by identity selectors like Windows CardSpace, DigitalMe or Higgins Identity Selector.

The Identity Governance Framework was a project of the Liberty Alliance for standards to help enterprises determine and control how identity information is used, stored, and propagated using protocols such as LDAP, SAML, and WS-Trust and ID-WSF.

Open Automated Demand Response (OpenADR) is a research and standards development effort for energy management led by North American research labs and companies. The typical use is to send information and signals to cause electrical power-using devices to be turned off during periods of high demand.

Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This article has a focus on software and services in the category of identity management infrastructure, which enable building Web-SSO solutions using the SAML protocol in an interoperable fashion. Software and services that are only SAML-enabled do not go here.

CIPURSE is an open security standard for transit fare collection systems. It makes use of smart card technologies and additional security measures.

ZXID.org Identity Management toolkit implements standalone SAML 2.0, Liberty ID-WSF 2.0, and XACML 2.0 stacks and aims at implementing all popular federation, SSO, and ID Web Services protocols. It is a C implementation with minimal external dependencies - OpenSSL, CURL, and zlib – ensuring easy deployment. Due to its small footprint and efficient and accurate schema driven implementation, it is suitable for embedded and high volume applications. Language bindings to all popular highlevel languages such as PHP, Perl, and Java, are provided via SWIG. ZXID implements, as of Nov 2011, SP, IdP, WSC, WSP, Discovery, PEP, and PDP roles. ZXID is the reference implementation of the core security architecture of the TAS3.eu project.

Cloud Infrastructure Management Interface (CIMI) is an open standard API specification for managing cloud infrastructure.

The SAML metadata standard belongs to the family of XML-based standards known as the Security Assertion Markup Language (SAML) published by OASIS in 2005. A SAML metadata document describes a SAML deployment such as a SAML identity provider or a SAML service provider. Deployments share metadata to establish a baseline of trust and interoperability.

References

  1. "Liberty Alliance Interoperability Programme for ID-WSF-1.1, 2005".
  2. Licht, William (November 12, 2021). "ID-WSF 2.0".
  3. "One Identity | Unified Identity Security".