SAML 2.0 meets Web 2.0

By Rich Seeley, News Writer
29 Nov 2006 | SearchWebServices.com

SAML 2.0, a protocol for federated single sign-on, needs to lighten up for the Web 2.0 world of agile development, says Pat Patterson, federation architect at Sun Microsystems Inc. And that's where Sun's Project Lightbulb comes in.

The goal of Project Lightbulb, which is part of Open Single Sign-On (OpenSSO), is to provide a lightweight means of federating identities, so users can sign in with a single authentication key and move seamlessly between all sorts of mashed-up and recombined Web services projects, Patterson explained in a Webcast today sponsored by Liberty Alliance.

The concept is to have URL-based identity where the user is able to participate in blogs and wikis and other Web 2.0 collaborative applications without a pre-existing relationship with the application, he explained.

"The Web is very different now than it was five years ago," Patterson said. "I'm focused on participation on the developer side to put a presence on the Web very quickly."

OpenSSO is designed to provide a way to create a federated identity via SAML 2.0 with very little coding. This would solve the problem developers of Web 2.0 applications have with the heavyweight nature of SAML 2.0 implementation, Patterson said.

"Web 2.0 developers say SAML 2.0 would be useful because it's widely implemented, secure and industrial strength," he continued. "On the downside people saw it as complex. XML signature seemed like a barrier to getting SAML. These were people using lightweight languages like PHP, Perl, Python and Ruby."

Noting that many modern Web services seem to have settled on Linux with a lightweight language such as PHP and Ruby, the Lightbulb project (originally a pun because it was to fit into the LAMP stack) is intended to provide the security of SAML 2.0 implemented through a scripting language, Patterson said. This avoids the problem of having to maintain a repository of passwords and authentication data on a server for a simple developer blog, he said.

"Maintaining passwords in a repository was becoming siloed," he told the audience for the Webcast. "People wanted to get to a federated identity management system where the user can authenticate with a third party and access a variety of sites with one password. Effectively the PHP site forgets about passwords and uses authentication."

This is where OpenSSO comes in. At first, Patterson tried using the Sun Federation Manager with an open source Java bridge so the PHP application could participate in SAML 2.0, but he found it still imposed overhead.

"For a single PHP site it was overkill," he explained.

The next step was to build SAML 2.0 token support in scripts in the Web server. This proved to be "a great solution if you've got one or two PHP sites," Patterson said. However, with larger applications running on more than five servers, it requires a separate server running OpenSSO, he said.

Programming in Microsoft Notepad, Patterson demonstrated how SAML authentication can be coded into a Web site to provide for single sign-on and single logout with very simple lines of PHP code.

This allows the user to log in via an authentication provider and then access blogs and other developer collaboration sites securely without having to type in user names and passwords repeatedly.

Currently the Lightbulb project is only available for PHP, but Patterson said implementations with Ruby and other scripting languages are in the pipeline. He called for developers to join the project and extend it. He said Lightbulb is already attracting participation from developers in the U.S., Europe and even China.

Source code is available on the OpenSSO website.
