A.6 Identity Federation (in XML)

I have put my proposed addition in XML.  Editors should be able to copy 
and paste it into the XML source for the WSA document after the section on 
XACML (in Appendix A).

I have removed the bracketed [] references because the other A.x sections 
do not use any hyperlinks.  This should also make it easier on the editors 
to add this section.

Paul

<div2>
<head>Identity Federation</head>


<p>The Liberty Alliance is defining specifications dealing with various 
aspects of identity.  Their phase 2 work is grouped into three 
categories:  ID-FF, ID-WSF, and ID-SIS.</p>

<p>ID-FF (Identity Federation Framework) discusses how businesses or 
organizations can be affiliated into circles of trust and trust 
relationships. ID-FF includes several normative specifications, which in 
turn make normative references to SAML.</p>

<p>ID-WSF (Identity Web Services Framework) is a set of specifications for 
creating, discovering, using, and updating various aspects of identities 
through a particular type of web service known as an Identity 
Service.  ID-WSF builds on ID-FF.  A user (Principal) may register with 
several Identity Services.  A prominent part of ID-WSF is a discovery 
service for locating an Identity Service for a given user 
(Principal).  ID-WSF also defines a Data Services Template.  ID-WSF has 
also defined a draft specification for an approach to negotiating an 
authentication method using SOAP messages to identify SASL mechanisms (RFC 
2222).</p>

<p>Note that WS-Security specifically states that establishing a security 
context or authentication mechanisms is outside its scope. ID-WSF may fill 
this void.  However, WS-Security also defines a Username Token Profile, 
which could be used as an authentication mechanism.  Potentially, Liberty 
ID-WSF could be used to negotiate the use of WSS Username Token Profile as 
the authentication mechanism.  Currently, WSS Username Token Profile is not 
registered in IANA's SASL Mechanisms collection.</p>

<p>ID-SIS (Identity Service Instance Specifications) defines profiles for 
particular types of Identity Services.  These profiles conform to the 
ID-WSF Data Services Template.  Liberty has defined two such profiles.  The 
Employee Profile (ID-SIS-EP) defines how to query and modify information 
associated with a Principal in the context of their employer.  The Personal 
Profile (ID-SIS-PP) defines how to query and modify identity information 
for Principals themselves.</p>
</div2>


Paul 

Received on Thursday, 29 January 2004 09:07:49 UTC
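The proposed text above notes that the WS-Security Username Token Profile could serve as the authentication mechanism once a SASL-style negotiation has selected it. The following is an added example (not part of Paul's message, the WSA document, or any Liberty Alliance or OASIS code) showing what a receiving service has to check when it accepts such a token: it builds a SOAP envelope carrying a UsernameToken in PasswordDigest form, then verifies it by recomputing Base64(SHA-1(nonce + created + password)), rejecting plaintext passwords, stale Created timestamps, and replayed nonces. The function names, the `Ping` body element, the user name, password, nonce and timestamps are constructed for the example; the namespace URIs and the digest rule are those of the OASIS WSS 1.0 profile.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespace URIs from OASIS WSS 1.0 (SOAP 1.1 envelope namespace for the wrapper).
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
               "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")

for prefix, uri in (("soap", SOAP_NS), ("wsse", WSSE_NS), ("wsu", WSU_NS)):
    ET.register_namespace(prefix, uri)


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Username Token Profile rule: Base64(SHA-1(nonce + created + password))."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def parse_utc(stamp: str) -> datetime:
    """Parse the wsu:Created form used here (constructed: second precision, 'Z' suffix)."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_envelope(username: str, password: str, nonce: bytes, created: str) -> str:
    """Client side: SOAP envelope with a wsse:Security header carrying a digest UsernameToken."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    security = ET.SubElement(header, f"{{{WSSE_NS}}}Security")
    tok = ET.SubElement(security, f"{{{WSSE_NS}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE_NS}}}Username").text = username
    pw = ET.SubElement(tok, f"{{{WSSE_NS}}}Password", Type=DIGEST_TYPE)
    pw.text = password_digest(nonce, created, password)
    ET.SubElement(tok, f"{{{WSSE_NS}}}Nonce").text = base64.b64encode(nonce).decode("ascii")
    ET.SubElement(tok, f"{{{WSU_NS}}}Created").text = created
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    ET.SubElement(body, "Ping")  # constructed placeholder operation
    return ET.tostring(env, encoding="unicode")


def verify_username_token(envelope_xml: str, lookup_password, seen_nonces: set,
                          now: str, max_skew_seconds: int = 300):
    """Service side: returns (accepted, reason). Mutates seen_nonces on success."""
    root = ET.fromstring(envelope_xml)
    tok = root.find(f".//{{{WSSE_NS}}}UsernameToken")
    if tok is None:
        return False, "no UsernameToken"
    username = tok.findtext(f"{{{WSSE_NS}}}Username")
    pw_el = tok.find(f"{{{WSSE_NS}}}Password")
    nonce_el = tok.find(f"{{{WSSE_NS}}}Nonce")
    created = tok.findtext(f"{{{WSU_NS}}}Created")
    # Only the digest form is accepted; a PasswordText token would expose the secret.
    if pw_el is None or pw_el.get("Type") != DIGEST_TYPE:
        return False, "only PasswordDigest accepted"
    if nonce_el is None or not nonce_el.text or created is None:
        return False, "nonce and Created required"
    # Freshness: Created must lie within the skew window around the server clock.
    if abs(parse_utc(now) - parse_utc(created)) > timedelta(seconds=max_skew_seconds):
        return False, "Created outside freshness window"
    nonce = base64.b64decode(nonce_el.text)
    if nonce in seen_nonces:
        return False, "nonce replayed"
    password = lookup_password(username)
    if password is None:
        return False, "unknown user"
    expected = password_digest(nonce, created, password)
    if not hmac.compare_digest(expected, pw_el.text or ""):
        return False, "digest mismatch"
    seen_nonces.add(nonce)  # remember the nonce for the lifetime of the window
    return True, "ok"


if __name__ == "__main__":
    # Constructed demo values.
    users = {"alice": "correct horse battery"}
    env = build_envelope("alice", users["alice"], b"constructed-nonce-01", "2004-01-29T09:07:49Z")
    seen = set()
    print(verify_username_token(env, users.get, seen, "2004-01-29T09:08:00Z"))  # (True, 'ok')
    print(verify_username_token(env, users.get, seen, "2004-01-29T09:08:00Z"))  # replay rejected
```

The nonce cache only needs to hold nonces for as long as the freshness window, which is why the timestamp check runs before the replay check; in a real deployment the cache would be shared across service instances and the transport would still need TLS, since the digest protects the password but not the message.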