September 8th, 2006

Here’s a doc I recently constructed as an aid for other protocol designers and system/protocol implementors to use in figuring out how to go about “learning SAML”…

http://identitymeme.org/doc/draft-hodges-learning-saml-00.html

Note that this item is also listed over there in the sidebar on the right under the heading “Pages” (on my main blog page).


September 8th, 2006

A new Liberty / SAML opensource project has just emerged — ZXID.org — with an emphasis on embedding the identity functionality in the “application layer” and supporting Perl and PHP.

From the web page:

ZXID project has currently (Aug 2006) three outputs

  • libzxid
    • A C library for supporting SAML 2.0, including federated Single Sign-On
  • zxid
    • A C program that implements a SAML Service Provider (SP) as a CGI script
  • Net::SAML
    • A Perl module wrapping libzxid. Also zxid.pl, that implements SP in mod_perl environment, is supplied.

There’s a bunch more information in the PDF readme file.

Check it out.


August 25th, 2006

Ross Anderson’s excellent book, Security Engineering, is now online and free, as in beer.

Highly recommended reading.


August 9th, 2006

The Liberty Alliance will present the IDentity Deployment of the Year Award (IDDY, pronounced EYE-D) before the keynote at the DIDW (DigitalID World) conference this September. The announcement and nomination page is here…

IDentity Deployment of the Year Award

This sounds like a good idea to not only promote the “online identity” topic itself, but also spread some recognition for the folks who do the usually behind-the-scenes deployment work.


August 9th, 2006

The thoughtful Roger Sullivan makes his blogosphere appearance..

From the desk of Roger Sullivan…

Welcome Roger!


August 1st, 2006

Ross Anderson, a founder of the field of Security Economics, who previously maintained an old-school homepage as his “blog” (similar to what I also used to do, though he did/does a way better job), is now blogging on his U of Cambridge Security Research group’s blog..

Light Blue Touchpaper

It, and Ross’ other web pages and publications (notably his book Security Engineering), are all Highly Recommended Reading.


August 1st, 2006

The inimitable Conor Cahill has succumbed to peer pressure and is now blogging…

Conor’s Web Log of Esoterica

Welcome Conor 🙂


June 28th, 2006

See..

SAML IPR statements have been revised to explicit “defensive suspension”

..though don’t forget to also see this following message noting that AOL led this charge by example, which those of us working behind the scenes to effect this overall posture liberally pointed to..

Re: SAML IPR statements have been revised to explicit “defensive suspension”

The SSTC/SAML IPR Statements Page is here. Thanks again to all the folks who worked to make this happen!

My previous post on these developments is here.


June 28th, 2006

The Liberty Alliance recently announced availability of:

ID-WSF 2.0 (DRAFT), the Identity Web Services Framework (ID-WSF), Draft Release 3

We’re getting very close to completing ID-WSFv2.0. I expect the delta between this Draft Release 3 specification set and the WSFv2.0 “final” spec set to be pretty small.

If you are interested in secure, identity-enabled, SOAP-based web services frameworks, you should take a look at this spec set. Rather than being a “framework of frameworks”, this spec set is directly implementable without further profiling. Indeed, ID-WSFv1.x is implemented, tested, and available from multiple vendors.


June 14th, 2006

A report on the security risks of applying CALEA to VoIP is available on the ITAA.org website. To quote the site:

A new ITAA study by Internet gurus Vint Cerf, Whit Diffie and other experts warns that extending CALEA wiretap measures to Voice over Internet Protocol communications could stall innovation and introduce major security problems.

One of the report’s authors, Susan Landau, announced the report via this message to Dave Farber’s Interesting-People mailing list.
