Bill Burke, JBoss's Chief Architect and REST Easy Project Lead, published last week a proposal for a Digital Signature Protocol over HTTP. "DSig" is rapidly gaining popularity, more than 10 years after it was designed, due to the emergence of composite applications and the need to establish trusted relationships between their clients and services.
OpenID has promised to simplify the user authentication process across multiple websites, but some complain it has actually created more problems. 37signals, an early supporter of OpenID, has announced the decision to stop using it across its products. Is OpenID delivering what it promised?
Eran Hammer-Lahav, one of the editors of the OAuth 2.0 specification, published a diatribe on the latest standard draft. For him, the current proposal mortgages the future of the Web. He sees the current specification focusing too much on simplicity for the application developer while severely limiting the ability to create discoverable and interoperable services.
The WCF Data Services Team have recently been doing a series on the available authentication mechanisms for client/OData service authentication.
Java Enterprise Edition Version 6 release includes new security features in the areas of web container security as well as authentication and authorization aspects of Java application development. These features include programmatic and declarative security enforcement in the web tier. This post gives an overview of these new security features.
Microsoft has entered the cloud and customers are looking into moving their applications to this new platform. In doing so authentication and identity management needs to be addressed. InfoQ Editor Jon Arild Tørresdal talked to Eugenio Pace, Senior Program Manager in the Patterns & Practices team about the recent federation and identity technologies released from Microsoft.
David Chappell, the Principal of Chappell & Associates, US, has written a whitepaper proposing several solutions for Single Sign-on (SSO) access to applications deployed on Amazon EC2 from a Windows domain. InfoQ explored these solutions to understand what the benefits and tradeoffs each one presented.
“Everyone feels the need to write a custom authentication protocol” says George Reese, which he claims is one of the things he learnt working on a programming API for cloud providers and Saas Vendors. In a post George proposes a set of standards for any REST authentication need.
Microsoft Windows Azure Platform AppFabric is a set of technologies helpful to connect on-premises applications with Azure cloud services and resources and eases interoperability between users belonging to different domains. The main components are the Service Bus and the Access Control Service.
The Patterns & Practices team announced a newly started project for developing a new guide called "Claims Based Authentication & Authorization Guide". This guide will give best practices on how to implement "Geneva", Microsoft's attempt to simplify user access and single sign-on based on claims.
Microsoft released an identity developer training kit, following closely on the heels of the release of Geneva Beta 2 at Teched. The training kit is a set of hands-on labs and resources designed to help developers to take advantage of Microsoft’s identity products and services.
Microsoft has released Geneva Beta 1, previously known as Zermatt, an identity management solution which takes the burden of authenticating and authorizing users away from applications. Geneva supports the OASIS WS-Trust specification.
In this presentation from QCon SF 2007, Justin Gehtland explains two open solutions to distributed identity and their Rails integration components: the OpenID system (using ruby-openid) and CAS (using rubycas-client).
As more social networking sites are popping up, the questions around the data they keep are rising. Data portability has become the watch phrase across the Web 2.0 world. Is there something to be learned about data access and portability from these services?
Identity management for networked and distributed applications continues to present several unique challenges for users and developers. Higgins is a suite of identity management solutions from the Eclipse foundation, created with the intent of simplifying and adding consistency to online authentication.