
The Shibboleth 1.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.


The goal of the ID-WSF specifications is to aggregate and where necessary profile existing public/standard specifications for developing web service (i.e. SOAP) applications so that interoperable implementations (commercial and open source) are possible. There is a particular focus on securing web services, in a manner composable with the capabilities of SAML, so that it becomes possible to deploy secure web services irrespective of the security and policy boundaries between web service consumers and providers.

Most of the specifications emerging in the web services arena, particularly the ones related to security, are extremely complex and general. If multiple developers designed a project using them, it's more likely they'd win a lottery than produce solutions that would even resemble each other, let alone interoperate. This is great if you sell consulting services, not so great if you're looking for real standards.

The goal here is to provide a roadmap to understanding the capabilities of the ID-WSF 2.0 specifications. The full set of documents is large, complex, and in a few places somewhat rough, but they can be understood as a set of building blocks that can be recombined into a usable solution for a variety of requirements. They may also be useful as input into solutions in other problem domains outside of web services, particularly those based around SAML. ID-WSF is a good way to see how SAML can be applied to problems beyond just web single sign-on.

Before getting into specifics, it's helpful to understand the general solution space and some of the terminology. ID-WSF is about enabling a web service consumer (WSC) to locate and securely invoke a web service provider (WSP). Multiple web services may be involved in the execution of a single activity.

Services may also be tailored around the identity of the user interacting with the WSC. The ID-WSF security mechanisms, which are based on SAML, are expressive enough to model the presence of that user and to support authorization policies based on delegation between a user and a WSC that accesses services on the user's behalf.

ID-WSF is also designed to compose with the IdP-managed privacy features in SAML 2.0, such as pseudonymous user identifiers, and avoids introducing opportunities for correlation of user activity.
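To make the WSC/WSP terminology above concrete, the following is an added example (not code from the Shibboleth project or the ID-WSF specifications) showing the checks a WSP would apply to a SAML 2.0 assertion carried in the WS-Security header of an incoming SOAP request from a WSC. The SOAP envelope, the entity IDs (`https://wsc.example.org`, `https://wsp.example.org`, `https://idp.example.org/idp`) and the NameID value are constructed for illustration; the namespaces, confirmation-method URIs and NameID format are the standard SOAP 1.1, WS-Security and SAML 2.0 values. It also ties in the privacy point above: the user is identified only by a transient, pseudonymous NameID, so the WSP learns nothing it could use to correlate the user across services. XML signature verification is assumed to have been done before these checks and is not shown.

```python
"""Structural checks a web service provider (WSP) runs on a SAML 2.0
assertion found in the WS-Security header of an incoming SOAP request.
Added example, not Shibboleth or ID-WSF project code. The sample request
below is constructed; signature verification is assumed to happen first."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample: a WSC calls a WSP on behalf of a user who is known to
# the WSP only by a transient (pseudonymous) NameID issued by the IdP.
SAMPLE_REQUEST = """<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
          ID="_a1b2c3" Version="2.0" IssueInstant="2010-01-01T12:00:00Z">
        <saml2:Issuer>https://idp.example.org/idp</saml2:Issuer>
        <saml2:Subject>
          <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_tr4ns13nt</saml2:NameID>
          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2010-01-01T12:00:00Z" NotOnOrAfter="2010-01-01T12:05:00Z">
          <saml2:AudienceRestriction>
            <saml2:Audience>https://wsp.example.org</saml2:Audience>
          </saml2:AudienceRestriction>
        </saml2:Conditions>
      </saml2:Assertion>
    </wsse:Security>
  </S:Header>
  <S:Body/>
</S:Envelope>"""


def saml_time(value):
    """Parse a SAML UTC timestamp such as 2010-01-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_request(envelope_xml, my_entity_id, now):
    """Return a dict describing the accepted assertion, or raise ValueError.

    my_entity_id is the WSP's own identifier, which must appear as an
    Audience; now is a timezone-aware datetime used for the validity window.
    """
    root = ET.fromstring(envelope_xml)
    assertion = root.find("soap:Header/wsse:Security/saml2:Assertion", NS)
    if assertion is None:
        raise ValueError("no SAML assertion in WS-Security header")
    if assertion.get("Version") != "2.0":
        raise ValueError("unsupported assertion version")

    cond = assertion.find("saml2:Conditions", NS)
    if cond is None:
        raise ValueError("assertion carries no Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if (not_before and now < saml_time(not_before)) or \
            (not_on_or_after and now >= saml_time(not_on_or_after)):
        raise ValueError("assertion outside its validity window")

    # The assertion must be addressed to this WSP; an assertion minted for
    # some other service must not be accepted here.
    audiences = [a.text for a in cond.findall("saml2:AudienceRestriction/saml2:Audience", NS)]
    if my_entity_id not in audiences:
        raise ValueError("assertion not addressed to this WSP")

    subject = assertion.find("saml2:Subject", NS)
    name_id = subject.find("saml2:NameID", NS) if subject is not None else None
    if name_id is None:
        raise ValueError("assertion has no subject NameID")
    methods = [c.get("Method") for c in subject.findall("saml2:SubjectConfirmation", NS)]
    # Only confirmation methods the WSP is prepared to enforce are accepted.
    if not any(m in (SENDER_VOUCHES, HOLDER_OF_KEY) for m in methods):
        raise ValueError("unacceptable subject confirmation method")

    return {
        "issuer": assertion.findtext("saml2:Issuer", namespaces=NS),
        "name_id": name_id.text,
        "pseudonymous": name_id.get("Format") == TRANSIENT,
        "confirmation": methods,
    }


def rejection_reason(envelope_xml, my_entity_id, now):
    """None if the request is accepted, otherwise the reason it was rejected."""
    try:
        check_request(envelope_xml, my_entity_id, now)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(check_request(SAMPLE_REQUEST, "https://wsp.example.org", saml_time("2010-01-01T12:01:00Z")))
    print(rejection_reason(SAMPLE_REQUEST, "https://other.example.org", saml_time("2010-01-01T12:01:00Z")))
```

The audience check is what keeps an assertion issued for one WSP from being replayed against another, and accepting only sender-vouches or holder-of-key confirmation is what lets the WSP tie the assertion to the calling WSC rather than to whoever happens to present it.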
