Java Enterprise Edition Version 6 release includes new security features in the areas of web container security as well as authentication and authorization aspects of Java application development. These features include programmatic and declarative security enforcement in the web tier. This post gives an overview of these new security features.
Microsoft has entered the cloud and customers are looking into moving their applications to this new platform. In doing so authentication and identity management needs to be addressed. InfoQ Editor Jon Arild Tørresdal talked to Eugenio Pace, Senior Program Manager in the Patterns & Practices team about the recent federation and identity technologies released from Microsoft.
David Chappell, the Principal of Chappell & Associates, US, has written a whitepaper proposing several solutions for Single Sign-on (SSO) access to applications deployed on Amazon EC2 from a Windows domain. InfoQ explored these solutions to understand what the benefits and tradeoffs each one presented.
“Everyone feels the need to write a custom authentication protocol” says George Reese, which he claims is one of the things he learnt working on a programming API for cloud providers and Saas Vendors. In a post George proposes a set of standards for any REST authentication need.
Microsoft Windows Azure Platform AppFabric is a set of technologies helpful to connect on-premises applications with Azure cloud services and resources and eases interoperability between users belonging to different domains. The main components are the Service Bus and the Access Control Service.
The Patterns & Practices team announced a newly started project for developing a new guide called "Claims Based Authentication & Authorization Guide". This guide will give best practices on how to implement "Geneva", Microsoft's attempt to simplify user access and single sign-on based on claims.
Microsoft released an identity developer training kit, following closely on the heels of the release of Geneva Beta 2 at Teched. The training kit is a set of hands-on labs and resources designed to help developers to take advantage of Microsoft’s identity products and services.
Microsoft has released Geneva Beta 1, previously known as Zermatt, an identity management solution which takes the burden of authenticating and authorizing users away from applications. Geneva supports the OASIS WS-Trust specification.
In this presentation from QCon SF 2007, Justin Gehtland explains two open solutions to distributed identity and their Rails integration components: the OpenID system (using ruby-openid) and CAS (using rubycas-client).
As more social networking sites are popping up, the questions around the data they keep are rising. Data portability has become the watch phrase across the Web 2.0 world. Is there something to be learned about data access and portability from these services?
Identity management for networked and distributed applications continues to present several unique challenges for users and developers. Higgins is a suite of identity management solutions from the Eclipse foundation, created with the intent of simplifying and adding consistency to online authentication.
Taking a look at the challenges that lay ahead in the quest for Federated Identity Management.
For those of you looking at using OpenID, there is a .NET compatible library available. The Library was written in Boo, a .NET language inspired by Python. It also leverages a library from the Mono project.
SAML has emerged as the gold standard for building Cross-Domain SSO solutions and is a key technology in the domain of federated identity management. This presentation from Javapolis presents the basic concepts of SAML including assertions, attributes, artifacts, bindings and profiles, the problems SAML solves, how it works in real life.