Monday, December 15, 2008

Federated Identity Support with JBoss

People ask me the following questions:
* when are we getting SAML support in JBoss?
* when will we get a formal identity management solution for JBoss community and enterprise users?

For a while, I have been deferring answering this basically to first get a clear picture of the stabilization of the federated identity space. In addition, we had the great JBoss Application Server v5.0 to be sent out of the door with great security features.

Given this, what are our plans?

JBoss Identity:
Various projects under the JBoss umbrella have gotten together with stakeholders and formed a project called "JBoss Identity". JBoss Application Server, JBoss Portal, JBoss SOA, JBoss Rules/Drools, JBoss Seam, etc. will all utilize the work from this common project.

Results Desired:
* JBoss Identity Management (management of users, roles, etc.) for a single domain
* JBoss Identity Federation (allow support for federated identity standards)

Design: http://www.jboss.com/index.html?module=bb&op=viewforum&f=284
JIRA: https://jira.jboss.org/jira/browse/JBID

Going forward, we want to support the following standards from a federated identity perspective:

1) SAML v2.0
2) WS-Trust
3) Liberty ID-WSF

These 3 standards are important for the JBoss SOA Platform.

Roadmap:
JBoss Identity Federation v1.0.0 (February 28, 2009)

SAML v2.0

SAML core Structures
Web Browser SSO Profile
- HTTP/Redirect Binding - Jan 15, 2009 (with Signature support)
- HTTP/Post Binding - Feb 15, 2009 (with Signature support)

WS-Trust (Parallel work with SAML)


JBoss Identity Federation v1.1.0 (May 31, 2009)
SAML v2.0
- Encryption Support to Web Browser SSO Profile
- Identity Provider Discovery Profile

Liberty ID-WSF


Note: These dates are subject to change.


Challenges: It takes years (if not close to a decade) to actually get a fully compliant federated identity management solution. There are a lot of issues involved - testing, complex configuration, complex and diverse requirements, etc. So, we will follow the path of least resistance - listen to our users as to what their needs are.

* We have to make the system very simple to configure (of course we should assume reasonable defaults). No point in piling on to the configuration headache associated with security.
* We will allow the system to work with the great container security (JBoss/Tomcat). Why reinvent the wheel?

How can you help?
Please use the following thread to talk to us about use cases etc. and be early adopters of our technology.
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4196628


Events:
JBoss Identity will be put to the test at the OASIS XSPA Interoperability event at HIMSS 2009 in April 2009 in Chicago. We will use SAML v2.0, XACML v2.0 and WS-Trust applied to use cases in the health care sector.

Vision: JBoss Identity along with Identity Federation, supplemented with JBoss XACML, will enable federated identity as well as federated authorization support for the community.
