http://wiki.apache.org/incubator/FedizProposal
In short: The idea of WS-Federation for Web SSO is to externalize the authentication process to a centralized authentication server (called Identity Provider (IDP)) which can support any kind of authentication mechanism. The IDP issues a security token like SAML which contains the authenticated entity as well as role information and/or other claim data of a user like name, email, others, which is sent to the application (called Relying Party (RP)).

Use case for an application: Usually, fine-grained authorization is not directly dependent on the authenticated user. Instead, the user is required to get some user attributes from an identity system (LDAP, whatever). You implement authorization based on these attributes. In WS-Federation, these claim attributes are added to the SAML token (standardized too) and the application has the possibility to tell the IDP what kind of claims they need (HTTP parameter or WS-Federation metadata document).

Discussions are starting on the incubator mailing list.

Greetings,
Marcel
_______________________________________________ Amdatu-developers mailing list [email protected] http://lists.amdatu.org/mailman/listinfo/amdatu-developers
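The relying-party side of the flow Marcel describes, as an added example that is not part of the original mail or of the Fediz project: the RP redirects the browser to the IDP with the WS-Federation sign-in parameters (wa, wtrealm, wreply, wctx), then reads the subject and claim attributes out of the SAML token posted back in wresult and decides authorization on those claims. The IDP URL, realm and token contents are constructed sample values; signature and issuer verification of the token are assumed to happen before this code runs.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET  # for untrusted input use defusedxml instead

NS = {
    "t": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def build_signin_url(idp_url, realm, reply_url, ctx="state-123"):
    """Redirect target: the RP identifies itself to the IDP with wtrealm."""
    params = {"wa": "wsignin1.0", "wtrealm": realm, "wreply": reply_url, "wctx": ctx}
    return f"{idp_url}?{urlencode(params)}"

# Constructed wresult body (what the IDP posts back to wreply). A real token is
# signed; this sample omits the signature and assumes it was already verified.
SAMPLE_WRESULT = """<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
 <t:RequestedSecurityToken>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
   <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
   <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>urn:fediz:demo-app</saml:Audience>
   </saml:AudienceRestriction></saml:Conditions>
   <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>Manager</saml:AttributeValue>
     <saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.org</saml:AttributeValue></saml:Attribute>
   </saml:AttributeStatement>
  </saml:Assertion>
 </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

def parse_claims(wresult, expected_realm):
    """Return (subject, claims); reject a token issued for a different RP."""
    root = ET.fromstring(wresult)
    assertion = root.find(".//saml:Assertion", NS)
    audiences = [a.text for a in assertion.findall(".//saml:Audience", NS)]
    if expected_realm not in audiences:
        raise ValueError("token audience does not match this relying party")
    claims = {}
    for attr in assertion.findall(".//saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return assertion.find(".//saml:NameID", NS).text, claims

def is_authorized(claims, required_role):
    """Fine-grained authorization is decided on claim data, not on the login itself."""
    return required_role in claims.get("role", [])
```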

