WS-Security based products and services

WS-Security is a flexible and feature-rich extension to SOAP to apply security to web services. It is a member of the WS-* family of web service specifications and was published by OASIS. [1] Closely related to WS-Security is WS-Trust, also a WS-* specification and OASIS standard that provides extensions to WS-Security.

The following are WS-Security based products and services:

| Product Name | Project/Vendor | Description | Standards/Protocols/Functionalities |
|---|---|---|---|
| BAAR-IGA | BAAR Technologies | Identity and Access Management | WS-Security, WS-Trust, WS-Federation, SAML, OAuth, OpenID Connect, OpenID, CAS, Single Sign On, Attribute based SSO |
| CA SiteMinder / CA IDM | CA Technologies | Identity and Access management | WS-Security, WS-Trust, WS-Federation, SAML, OAuth, Security Token Service, Single Sign-on, RBAC, ABAC |
| EmpowerID [2] | The Dot Net Factory | Identity management | WS-Security, WS-Trust, WS-Federation, SAML, OAuth, Security Token Service, Single Sign-on, RBAC, ABAC |
| Fusion Middleware [3] | Oracle | Identity management | WS-Security, WS-Federation, SAML, XML, RBAC |
| JBoss SSO [4] | JBoss | Identity management | WS-Security, WS-Trust, SAML, Single Sign-On |
| Hitachi ID Systems [3] | Hitachi | Identity management | WS-Security, WS-Federation, Single Sign-On, SAML, XML |
| LemonLDAP::NG [5] | LemonLDAP::NG | SSO for Web Applications | WS-Federation, CAS, OpenID-Connect, SAML-2.0, Single Sign-on |
| Microsoft ADFS [6] | Microsoft | Federation Services | WS-Security, WS-Federation, Single Sign-on |
| Novell Access Manager [7] | Novell | Password manager & single sign-on | WS-Security, SAML, Single Sign-on, RBAC |
| OpenSAML [8] | Shibboleth | C++ & Java libraries | WS-*, WS-Security, WS-Addressing, WS-Trust, SAML, XACML |
| Open-source Apache CXF [9] | Apache | Open source framework | WS-*, WS-Security, WS-Addressing, WS-Trust, SOAP, XML, RESTful HTTP |
| Oracle Fusion Middleware [10] | Oracle | Identity management | WS-Security, WS-Federation, SAML, XML, RBAC |
| Sailpoint IdM [11] | Sailpoint | Identity management | WS-Security, WS-Federation, SAML, Single Sign-on, RBAC |
| SAP Security & IdM [12] | SAP | Security management | WS-Security, SAML, XML |
| SecureAuth IdP [13] | SecureAuth | Adaptive Access Control | WS-Security, WS-Trust, WS-Federation, SAML, OAuth, OpenID Connect, OpenID, CAS, Single Sign On |
| Sentry API Security Gateway [14] | Forum Systems | API Gateway | WS-Security, WS-Trust, WS-Federation, SAML |
| Tivoli Identity Manager [15] | IBM | Access Manager for E-business | WS-Security, WS-Federation, SAML, CAS, OpenID |
| Ubisecure [16] | Ubisecure Solutions | Single Sign-on Service | WS-Security, WS-Federation, TUPAS, OpenID |
| WS-Security Wrapper [17] | Source Forge | XML converter to/from SOAP with WS-Security | WS-Security, WS-Addressing, Java, XML |
| XML Firewall [18] | Layer7Tech | XML firewall for securing cloud-based systems | WS-*, WS-Security, SAML, XML, OAuth |

Related Research Articles

Web Services Security is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.

Liberty Alliance: Computer trade group

The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.

Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Shibboleth (software): Internet identity system

Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.

Oracle Fusion Middleware consists of several software products from Oracle Corporation. FMW spans multiple services, including Java EE and developer tools, integration services, business intelligence, collaboration, and content management. FMW depends on open standards such as BPEL, SOAP, XML and JMS.

Apache Axis2: Web service engine

Apache Axis2 is a web service engine. It is a redesign and re-write of the widely used Apache Axis SOAP stack. Implementations of Axis2 are available in Java and C.

Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between security domains. SAML is a product of the OASIS (organization) Security Services Technical Committee.

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization identities between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal between a SAML authority, named an Identity Provider, and a SAML consumer, named a Service Provider. SAML 2.0 enables web-based, cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user. SAML 2.0 was ratified as an OASIS Standard in March 2005, replacing SAML 1.1. The critical aspects of SAML 2.0 are covered in detail in the official documents SAMLCore, SAMLBind, SAMLProf, and SAMLMeta.

WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange.

Security token service (STS) is a cross-platform open standard core component of the OASIS group's WS-Trust web services single sign-on infrastructure framework specification. Within that claims-based identity framework, a secure token service is responsible for issuing, validating, renewing and cancelling security tokens. The tokens issued by security token services can then be used to identify the holder of the token to services that adhere to the WS-Trust standard. Security token service provides the same functionality as OpenID, but unlike OpenID is not patent encumbered. Together with the rest of the WS-Trust standard, the security token service specification was initially developed by employees of IBM, Microsoft, Nortel and VeriSign.

OpenAM

OpenAM is an open-source access management, entitlements and federation server platform. It is now supported by the Open Identity Platform Community.

An identity provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This article has a focus on software and services in the category of identity management infrastructure, which enable building Web-SSO solutions using the SAML protocol in an interoperable fashion. Software and services that are only SAML-enabled do not go here.

The SAML metadata standard belongs to the family of XML-based standards known as the Security Assertion Markup Language (SAML) published by OASIS in 2005. A SAML metadata document describes a SAML deployment such as a SAML identity provider or a SAML service provider. Deployments share metadata to establish a baseline of trust and interoperability.

A SAML identity provider is a system entity that issues authentication assertions in conjunction with a single sign-on (SSO) profile of the Security Assertion Markup Language (SAML).

A SAML service provider is a system entity that receives and accepts authentication assertions in conjunction with a single sign-on (SSO) profile of the Security Assertion Markup Language (SAML).

References

  1. Alrodhan, Waleed (2012), "Identity Management", Digital Identity and Access Management, IGI Global, pp. 329–347, doi:10.4018/978-1-61350-498-7.ch017, ISBN 978-1-61350-498-7, retrieved 2023-12-11
  2. "EmpowerID".
  3. "Fusion Middleware" (PDF).
  4. "JBoss SSO".
  5. "LemonLDAP::NG".
  6. "MS ADFS". 6 June 2011.
  7. "Novell Access Manager".
  8. "OpenSAML".
  9. "Open-Source Services Framework Apache CXF".
  10. "Oracle Fusion Middleware" (PDF).
  11. "Sailpoint Identity Now".
  12. "SAP Security Manager".
  13. "SecureAuth".
  14. "Forum Systems".
  15. "Tivoli Access Manager".
  16. "Ubilogin SSO".
  17. "WS-Security Wrapper".
  18. "XML Firewall". 17 November 2022.