First Liberty Alliance

xiaoxiao, 2021-03-06

From: http://www.projectliberty.org/resources/presentation/liberty_membership_info_sep04.pdf

http://www.projectliberty.org/resources/tutorial_draft.pdf

Status quo

Identity is the most basic element in the digital world. Anyone who uses a computer system has an identity, for example the password used to log in to Windows or the passwords used on the Internet. On the Internet in particular, we have to remember many usernames and passwords. Different websites use different usernames and passwords, and the steps of registration, authentication and login are repeated countless times. Could a single account be used to access the whole network, or could we log in once instead of logging in at every site?

Microsoft's .NET Passport can do this, for example by linking a Windows account and an MSN account so that logging in to Windows also logs in to MSN, and after logging in to MSN you can directly access other services such as Hotmail. This process is single sign-on (SSO) and federated login. Unfortunately, .NET Passport is not open.

Liberty Alliance is an organization committed to achieving this as an open standard, and almost all famous big companies are members of it. http://www.projectliberty.org/membership/cURRENT_MEMBERS.PHP.

Concepts

Federation: A connection between two or more entities or services. For example, two companies form an alliance, or a bank and a B2B website form an alliance: the bank provides the buyer's identity authentication, the B2B site provides the service, and users can use the B2B service after logging in at the bank.

Principal: Used to identify users. Equivalent to an identity.

IdP (Identity Provider): Provides user information, like the bank mentioned above. In general, an alliance has at least one provider of user information.

SP (Service Provider): Provides services. When the user accesses a service, the SP verifies the user via the IdP.

Single Sign-On (SSO): Once the user has been authenticated by the IdP, the entire alliance can share that user.

Circle of Trust: When several SPs and IdPs have established alliances, they constitute a circle of trust.
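The following sketch is an added example, not code from the Liberty specifications or from the original post. It models the bank (IdP) and B2B site (SP) described above: the SP accepts a user only if the assertion comes from an IdP inside its circle of trust, is unmodified, is addressed to that SP, and has not expired. Assumptions: all class, field and host names are hypothetical, and a shared-key HMAC over JSON stands in for the signed SAML assertions that Liberty builds on.

```python
import hashlib, hmac, json, time

def sign(key: bytes, claims: dict) -> str:
    # Canonical JSON so IdP and SP compute the MAC over identical bytes.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class IdentityProvider:
    def __init__(self, name, key):
        self.name, self.key = name, key
        self.sessions = set()              # principals authenticated at this IdP

    def login(self, principal):
        self.sessions.add(principal)       # password check omitted (assumption)

    def issue_assertion(self, principal, sp_name, now=None, ttl=300):
        if principal not in self.sessions:
            raise PermissionError("principal has no session at the IdP")
        now = time.time() if now is None else now
        claims = {"iss": self.name, "sub": principal,
                  "aud": sp_name, "exp": now + ttl}
        return {"claims": claims, "sig": sign(self.key, claims)}

class ServiceProvider:
    def __init__(self, name, circle_of_trust):
        self.name = name
        self.circle_of_trust = circle_of_trust   # IdP name -> verification key

    def accept(self, assertion, now=None):
        now = time.time() if now is None else now
        claims = assertion["claims"]
        key = self.circle_of_trust.get(claims.get("iss"))
        if key is None:
            return None                    # issuer is outside the circle of trust
        if not hmac.compare_digest(sign(key, claims), assertion.get("sig", "")):
            return None                    # claims were altered or forged
        if claims.get("aud") != self.name or claims.get("exp", 0) < now:
            return None                    # addressed to another SP, or expired
        return claims["sub"]               # single sign-on: no second login

def demo():
    # Constructed scenario: a bank as IdP and one B2B site as SP.
    bank = IdentityProvider("bank.example", b"bank-demo-key")
    b2b = ServiceProvider("b2b.example", {"bank.example": b"bank-demo-key"})
    bank.login("alice")
    a = bank.issue_assertion("alice", "b2b.example", now=1000)
    forged = {"claims": dict(a["claims"], sub="mallory"), "sig": a["sig"]}
    return b2b.accept(a, now=1100), b2b.accept(forged, now=1100), b2b.accept(a, now=2000)
```
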

Liberty's Architecture

The Liberty standard is mainly based on existing standards, such as SAML (Security Assertion Markup Language), SOAP, WS-Security, XML, etc.

The architecture is divided into three parts:

(1) Identity Federation Framework (ID-FF): Provides some basic features, such as account linking (connecting two different accounts and providing mutual verification), single sign-on, and single session management.

(2) Liberty Identity Web Services Framework (ID-WSF): Provides a Web service-based framework for building interoperable identity services, permission-based attribute sharing, identity service description and discovery, and the associated security profiles.

(3) Liberty Identity Services Interface Specifications (ID-SIS): Enables interoperable identity services such as personal identity profile service, contact book service, geo-location service, presence service and so on.


Please credit the original address when reposting: https://www.9cbs.com/read-107926.html
