Authentication services
From OpenEGov
SAML
SAML stands for Security Assertion Markup Language, standardised through OASIS. There is a good introduction on IBM's developerWorks. SAML has been used as the basis for implementing a common e-authentication service under the US Federal Enterprise Architecture.
OpenSAML is an open source implementation of SAML (under a BSD-style license), available in Java and C++. There is also a free Python implementation.
Much of the open source work based on SAML is centred on universities. One example is Shibboleth, which has developed architectures, policy structures, and an open source implementation to support inter-institutional sharing of web resources subject to access controls, with a policy framework to allow inter-operation within the American higher education community. Shibboleth has now been adopted by BECTA for the UK school system.
Previously, the main application of Shibboleth in the UK was in the Athens system, of which only the devolved authentication component is available as free software. Athens is used by universities and the NHS.
Liberty Alliance
SourceID provide open source implementations of the Liberty Alliance infrastructure in Java (with a one-off open source license).
The American NSF Middleware Initiative has put together a list of open source components which can be used to build up a full authentication service. This includes Shibboleth, as well as a range of components for underlying authentication systems.
France
An alternative approach to a Liberty Alliance implementation, on more classic free software lines, has been followed in France. Lasso is a GPL-licensed implementation of the Liberty Alliance universal login/passport for 'Carte de Vie Quotidienne' access to government services. The base technology used is the GPL-licensed XMLSec C security library, together with LibXML2; Lasso provides bindings in Python, Java and PHP as well as .NET.
A sample implementation is used by the mairie of Vandoeuvre.
Italy
Open Portal Guard is being developed by Grosseto council, who are appealing for collaborators from Italy and elsewhere in Europe. It is an SSL/X.509 certificate system secured by electronic ID cards (so it may be less relevant for the UK).
