Liberty Alliance Releases Single Sign-On 1.0 Specifications

Discussions

News: Liberty Alliance Releases Single Sign-On 1.0 Specifications

  1. Sun Microsystems, United Airlines and dozens of their allies in the Liberty Alliance Project today released v1.0 of the Liberty specifications, aimed at providing single signing-on across web sites and devices. The current version allows sharing of user identity, but does not involve sharing of actual personal data.

    The specifications provide the following specific functionality:

    - Opt-in account linking - Users can choose to link accounts they have with different service providers within "circles of trust" (such as companies with existing business agreements or affinity programs).

    - Simplified sign-on for linked accounts - Once a user's accounts are federated, they can log-in and authenticate at one linked account and navigate to another linked account, without having to log-in again.

    - Authentication context - Institutions or companies linking accounts can communicate the type of authentication that should be used when the user logs-in.

    - Global log-out - Once a user logs-out of the site where they initially logged in, the user can be automatically logged-out of all of the other sites the user linked to and still maintain a live session.

    - Liberty Alliance client feature - This can be implemented on particular client solutions in fixed and wireless devices to facilitate the use of the Liberty version 1.0 specifications.

    Check out http://www.projectliberty.org/.

    Read Sun sends forth first version of Liberty.
  2. See it here

    Haven't tried it out but there it is, a 100% Java client for Passport which is supposed to work in a Servlet/jsp engine.

    Billy

    (I work for IBM but my views/comments don't reflect the views of IBM).
  3. If you look at the site, JPassport actually isn't 100% Java but simply a Java wrapper using JNI around the Passport SDK libraries.

    Mark
  4. I don't see where you got that from, look at the following lifted straight from the site:

    "Without the need to work at the SDK (Software Developer Kit) level, implementation and Pre-Production testing times are dramatically reduced.

    JPassport gives developers ready to use functions and tags and removes the need to build the modules or conduits between their application and the Microsoft Passport Manager.

    Solaris, and Linux developers can install JPassport under Netscape, Apache, infact any platform able to run Servlets, JSP or Java applications"

    Looks 100% to me.
  5. This is nothing but a JNI wrapper. Look at the following taken straight from the Javadoc of JPassport.

    <quote>
    JPassport is a Java wrapper over the Microsoft Passport SDK that provides the ability to use Passport authentication services from within Java Servlets and Java Server Pages (JSP).
    </quote>

  6. Not to miss this:

    [snip]
    3) Download JPassport 1.0

    You can install JPassport on any platform which supports a Java environment. Because JPassport uses JNI to control C code, be sure to download the version which has been compiled for your platform.
    [snip]
  7. Well,
    What a great set of claims they have, lets say everything as something must be true ;) I've emailed them to get a straight answer on what the story is and will post the outcome.

    Billy
  8. Alas,
    It is indeed a JNI solution so you'll only get a solution on platforms the Microsoft SDK is available for, Solaris, Linux and Windows from the looks of things.

    Billy
  9. With Microsoft's security record, I wouldn't use Passport even if they pay me.
  10. How about if they gave you a million? I'd do it!
  11. Hello,

    Does anyone know any open source or commercial implementations (early access betas ...) of Liberty?
    Or better yet of SAML? I am looking for something fairly light weight. Not like buying SunOne server just to get SAML
    So far I found couple of implementations
    https://support.netegrity.com/ntg.cfm (pretty old)
    http://middleware.internet2.edu/opensaml/ (no docos no samples)
    http://www.systinet.com (requires their server to run on)

    Can anyone suggest any other vendors/projects

    Thank you very much

    Alex