Sun and Nokia demo service-oriented identity

By Rich Seeley, News Writer 12 Apr 2006 | SearchWebServices.com

News on SOA, EAI, Web services Digg This!     StumbleUpon     Del.icio.us

Liberty Alliance, the consortium for developing open standards for federated identity, interoperable authentication and identity-enabled Web services, insisted today that its SAML 2.0-based identity standards are not just for enterprise applications.

This is putting the user back in control of his identity. Services providers only get the information users want to give. Hubert LeVanGong Federated Identity Architect, Sun Inc.

During a teleconference, Web services architects from Nokia Corp. and Sun Microsystems Inc. demonstrated device-independent, client-side consumer applications using the Liberty Enhanced Client Profile (LECP). It is Liberty's version of the ECP spec in the OASIS standard SAML (Security Assertion Markup Language), explained John Kemp, a technical architect at Nokia working on Web services projects for personal identity services using the Liberty technology.

LEPC is based on Liberty standards including Identity Federation Framework (ID-FF) and Identity Web Services Framework (ID-WSF) 2.0.

LECP enables "user-centric" identity, which Kemp defined as allowing the user to determine what personal identity information they want to provide to an online merchant in a Web services consumer application.

Using a simple example of how this would work in a transaction, Kemp said that a fictional user named Lois would need to disclose her date of birth to use an online horoscope service from her cell phone. This could be handled by sending a SOAP message containing her LECP identity information. If she then chose to subscribe to a daily horoscope service sent to her cell phone, she would have to choose to send credit card and billing details that could also be done using LECP.

Working for Nokia, Kemp used cell phone examples, but sought to stress the fact that unlike Microsoft's InfoCard, which is Windows-based, the Liberty technology is device independent.

"Personal identity services can be user-centric regardless of where they are located," Kemp said.

In answer to a question at the teleconference from a developer working with the Microsoft InfoCard, Kemp acknowledge that with the device independence the standardized user interface that Microsoft is able to provide via Windows is not possible. He said it would require 160 companies to agree on a single interface and it would still be difficult to produce the same look and feel ranging from a desktop PC to a cell phone or PDA. Yut he said the cues the user is given for providing identity information using LECP is basically the same in all applications. He characterized it as being similar to using various TV remotes. They may not all have the same appearance but it is easy to find the on button since you know it has to be there.

For more information Learn more about SAML adoption Check out our XML Security Learning Guide

Hubert LeVanGong, a federated identity architect at Sun, demonstrated more complex applications of LEPC showing how a Web services applications from the Department of Homeland Security and the California Department of Motor Vehicles could authenticate a users identity. He also demonstrated credit union and a wine merchant applications using the Liberty standard. A Java applet creating SAML assertions and SAML artifacts provided identity verification as well as banking access and credit card and billing information from a Web browser.

In keeping with Liberty's own assertion that this technology is ready for commercial Web services applications today, the Sun architect said, "Liberty provides all the tools you need to do user-centric identity authentication."

He stressed that with Liberty the user controls who gets sensitive information by allowing them to pick and chose what information goes to a Web services application.

"This is putting the user back in control of his identity," LeVanGong said. "Services providers only get the information users want to give."

Tags: Service-oriented architecture (SOA) education,  Business process management (BPM),  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web services development Java-based Abdera open source tools implement Atom services Layer 7 secures Oracle ESB, protects SOA applications Gomez adds new features through platform-wide upgrade PowerBuilder 12 beta available RAD Studio 2010 hits the shelves Oracle brings Fusion Middleware into the modern age Oracle Fusion Middleware 11g supports SCA, JavaServer Faces development Investment site turns to Xignite, Amazon cloud computing to power portfolio tracker SimpleDB shows promise Yahoo says no deal Service-oriented architecture (SOA) education SOA Manifesto urges both agility and business focus SOA skills, slings and arrows Playbook for the SOA Red Zone Win SOA Design Patterns book Take part in SearchSOA.com survey. Help define the state of SOA. New year – same old SOA tempests? The annals of SOA Talk Software architects navigate transitions Ten ways to identify services Analysts, users find roadblocks along the SOA highway Service-oriented architecture (SOA) education Research SOA strategy Road-mapping: An essential EA skill SOA 2009 Multimedia Library SOA for Dummies, 2nd Edition, by Judith Hurwitz Three tips for success in SOA New Microsoft language for SOA? Trends 2008: Outsourcing, agile development Is SAP the SOA leader? SAP new SOA strategy debated Goldman sees hard times for software SAP offers two paths to SOA SOA strategy Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary ColdFusion  (SearchSOA.com) Delphi  (SearchSOA.com) Eclipse  (SearchSOA.com) elegant solution  (SearchSOA.com) interaction management  (SearchSOA.com) message-driven processing  (SearchSOA.com) Ruby on Rails  (SearchSOA.com) Tim Berners-Lee  (SearchSOA.com) Web services  (SearchSOA.com) Web Services: Glossary  (SearchSOA.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary