- Liberty Alliance ID-WSF 2.0 Specifications Overview
- From the Liberty Alliance Announcement
- About SAML Version 2.0
- Principal References
The Liberty Alliance has announced a public draft release of its Identity Web Services Framework (ID-WSF) Version 2.0 in a Phase One distribution that supports the OASIS SAML (Security Assertion Markup Language) Committee Draft 2.0 release.
Liberty Alliance is global consortium of "more than 150 companies, non-profit and government organizations from around the globe. The consortium is committed to developing an open standard for federated network identity that supports all current and emerging network devices."
Liberty's ID-WSF 2.0 is a second-generation framework for identity-based Web services which "has been extended to include support for SAML 2.0, specifically defining how SAML 2.0 assertions can be used to communicate identity information among identity-based Web services." The ID-WSF 2.0 release is "part of a Liberty Alliance roadmap for WSF 2.0 specifications that are being released in phases to accommodate rapid industry deployment. The first phase is focused on SAML 2.0 support. The second and third phase, which are expected to be completed in full by the end of 2005, include several significant new features, designed to give implementers even greater depth of functionality including the capability to leverage custom Web services, as well as those being developed in the services groups within Liberty Alliance.
The Liberty announcement highlights four enhancements in the Identity Web Services Framework which reflect respose to user requirements and contributed use cases. ID-WSF 2.0 support for Subscription/Notification "permits Web service consumers to subscribe to automatic notices of changes from the Web services provider, automating the process and delivering benefit of ease and control to the end users." Enhancements for Groups offers support for those scenarios in which membership in a group (e.g., a soccer team, senior managers, etc ... ) drives/impacts the consumers' online interactions, allowing implementers to deliver enhanced services to end users."
The ID-WSF 2.0 release enhances Principal Referencing, which "Allows users to create and maintain a list of those friends/colleagues with whom they wish to interact online (e.g., viewing photos, finding the location, sharing contact book info, etc), opening up significant new opportunities to personalize services and allow end users to easily customize their Web experience. It also now supports Intelligent Client, which "Defines/profiles identity management mechanisms where the user device has enhanced capabilities, available if the device is on or offline, allowing Web services across a variety of devices and interoperability across systems, expanding the opportunity for additional types of strong authentication mechanisms, smart cards, SIM devices, etc."
SAML Version 2.0 is now being reviewed in preparation for a mid-February ballot to consider the specification for approval as an OASIS Standard. SAML "defines the syntax and processing semantics of assertions made about a subject by a system entity. In the course of making, or relying upon such assertions, SAML system entities may use other protocols to communicate either regarding an assertion itself, or the subject of an assertion. This specification defines both the structure of SAML assertions, and an associated set of protocols, in addition to the processing rules involved in managing a SAML system."
SAML assertions and protocol messages "are encoded in XML and use XML namespaces. They are typically embedded in other structures for transport, such as HTTP POST requests or XML-encoded SOAP messages. The SAML bindings specification provides frameworks for the embedding and transport of SAML protocol messages. The SAML profiles specification provides a baseline set of profiles for the use of SAML assertions and protocols to accomplish specific use cases or achieve interoperability when using SAML features."