SimpleSAMLphp

Yesterday I wrote an idea, delegated metadata without giving a proper explaination of the usage scenarios and the context. Here is some more text. It would have been nice to combine the good stuff of having distributed metadata with the convenience ... [More] of having a centralized point of entry for metadata. You can use XInclude or similar mechanisms to include one document in another, this way you can have a centralized “container metadata document” that just referes to the other federation metadata documents. Problem is this does not work very well with signing, and also I would like the opportunity to add restriction of what a federation metadata can do. In example: only allow the finish metadata aggregate to provide SPEntities (not IdPs), and the entityIDs must match the pattern: https://..fi/. or urn:finland:.*. Below is a figure showing how a central metadata document can point to other distributed metadata aggregates. Lets show an example of such a central metadata document: read more [Less]

The SAML 2.0 Metadata schema is great, but a bit limited when it comes to functionality for delegating subsets of the entities to other metadata documents and authors. I’ve been thinking about the possibilities of adding a few extension elements to ... [More] the SAML 2.0 Metadata Schema to add support for delegation of an aggregator, where you limit the aggregator to use a specific certificate. At the same time I saw the possibility to add functionality for trust management in the Dynamic SAML standard. I won’t try to explain in more detail, but instead show this mock-up document. Warning: This is at an early idea stage - no xsd anywhere, just a mock-up to show what I mean. <?xml version="1.0" encoding="UTF-8" standalone="yes"?><EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../../AAISpecs/SAML-2.0/saml-schema-metadata-2.0.xsd" xmlns:del="urn:no.feide.rnd:delegated-metadata" xmlns:shibmd="urn:shibboleth" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:Signature> read more [Less]

Olav Morken submitted a SQL authentication source (module) to simpleSAMLphp. It is pretty generic, and allows you to authenticate users that is stored in a database. Check it out, if it is relevant to you…

SimpleSAMLphp now have experimental support for OpenID Consumer. Check out latest version from trunk and enable the openid module to test it.

OpenID Consumer support is beeing worked on, and will soon be ready for testing. The janrain OpenID library included with simpleSAMLphp is now upgraded to the latest 2.x version.

Unfortunately the OpenID Provider part of simpleSAMLphp has not been maintaned, and did not work. I’ve fixed. But still, this part is in beta status. I’ve plans to add support for OpenID Consumer very soon. As well as upgrade to latest JanRain library to support OpenID version 2.0.

I’m happy to announce that we have commited to trunk a portugese translation of simpleSAMLphp. To use it, update the language.available from config-templates, and update from trunk. Thanks to “pwmpro” for the contribution.

Liberty Alliance today published a case study of simpleSAMLphp. Download case study (in PDF) Look at all IDDY winner’s case studies SnapDragon Consultants, a Manhattan-based brand strategy and Web 2.0 optimalization firm, has contributed shaping the content and design of the reports.

OSIS (Open Source Identity Systems) is a group of project representatives that meet for bi-weekly phone conferences. A set of mailing lists, a wiki, working sessions / interop testing events. Two years old. Now has 57 participating projects. Founded ... [More] by Johannes Ernst, Kim Cameron, Mike Graves and Dave Winter. Initially very InfoCard focused. Expanded to include OpenID, and soon SAML 2.0. Open Source Identity Systems Identity Commons - Wiki Information Card Foundation Information Card Foundation Working on consensus on attribute definitions beyond the 14 available in personal cards with CardSpace. Higgins - Card selector with cards managed in the cloud. Other links: Free InformationCard provider. OpneIdP solution. Managed Cards. DigitalMe http://xmldap.org/ [Less]

A new initiative from Liberty Alliance. Keep an eye on this. IDtbd Home page IDtbd mailinglist