Sun Java System Access Manager 7 2005Q4 Federation and SAML Administration Guide

Liberty ID-WSF Specifications

The Liberty ID-WSF includes these specifications:

SOAP Binding Specification

The Liberty ID-WSF SOAP Binding Specification provides a transport layer for handling SOAP messages. It defines SOAP header blocks and processing rules that enable the invocation of identity services using SOAP requests and responses. It also specifies how to configure messages for 1) optimum message correlation (assuring the relationship between a SOAP request and its response), 2) consent claims (permission to perform a certain action), and 3) usage directives (data handling policies). For more information, see the Liberty ID-WSF SOAP Binding Specification.

Discovery Service Specification

The Liberty ID-WSF Discovery Service Specification defines a framework that enables a client to locate the appropriate web service for retrieving, updating, or modifying a particular piece of identity data. Typically, there are one or more services on a network that allow entities to perform an action on identity data. To keep track of these services or to know which can be trusted, clients require a discovery service. A discovery service is essentially a web service interface for a registry of resource offerings. A resource offering defines an association between a piece of identity data and the service instance that provides access to the data. A common use case is when a personal profile or calendar data is placed within a discovery resource so that the data can be located by other entities. For more information, see the Liberty ID-WSF Discovery Service Specification.

Security Mechanisms Specification

The Liberty ID-WSF Security Mechanisms Specification describes the requirements for securing authorization decisions that are sent for the discovery and use of identity services. The specified mechanisms provide for authentication, signing, and encryption operations to ensure integrity and confidentiality of the messages. For more information, see the Liberty ID-WSF Security Mechanisms Specification.

Data Services Template Specification

The Liberty ID-WSF Data Services Template Specification defines how to query and modify the identity data attributes that are stored in a data service (a web service that holds data). The specification also provides common attributes for data services. For more information, see the Liberty ID-WSF Data Services Template Specification.

Interaction Service Specification

The Liberty ID-WSF Interaction Service Specification provides communication protocols for identity services to obtain permission from a principal (or someone who owns a resource on behalf of that principal) that allows the service to share the principal's identity data with requesting services. For more information, see the Liberty ID-WSF Interaction Service Specification.

Authentication Service Specification

The Liberty ID-WSF Authentication Service Specification defines how to authenticate parties communicating via SOAP-based messages. It leverages widely used authentication services and mechanisms, and facilitates selection of these services and mechanisms at deployment time. The specification defines the following:

The specification also defines an identity-based authentication security token service, complementing the more general security token service discussed in the section Discovery Service Specification. For more information, see the Liberty ID-WSF Authentication Service Specification.

Client Profiles Specification

The Liberty ID-WSF Client Profiles Specification describes the requirements for Liberty-enabled clients that interact with the SOAP-based Authentication Service. Client profiles can enable browsers to perform an active role in transactions, in addition to the functions of a standard browser. For more information, see the Liberty ID-WSF Client Profiles Specification.