Web services are distributed applications developed using open technologies such as eXtensible Markup Language (XML), SOAP, and HyperText Transfer Protocol (HTTP). Enterprises use these technologies as a mechanism for allowing their applications to cross network boundaries and communicate with those of their partners, customers and suppliers. Towards this end, OpenSSO Enterprise implements the Liberty Alliance Project Identity-Web Service Framework (Liberty ID-WSF) 1.1 specifications, designed to operate in concert with the Liberty Alliance Project Identity-Federation Framework (Liberty ID-FF). The implementation of the Liberty ID-WSF 1.1 specifications uses a servlet framework into which identity-based web services can be plugged and leveraged for security. Tools and API are also provided for identity providers to develop new web services and for service providers to consume both default and custom web services. Furthermore, OpenSSO Enterprise provides the necessary hooks to integrate an existing enterprise infrastructure with the Liberty Alliance Project—based infrastructure. Figure 12–1 illustrates the design of the Liberty ID-WSF framework.
Any custom web service developed with the Liberty ID-WSF must register with the SOAP Binding Service which provides validation of SOAP messages and generates the OpenSSO Enterprise session token for client authorization. Bootstrapping of the Web Services Stack is accomplished by using the Discovery Service to find a resource offering for an authenticated user. (A resource offering defines an association between a type of identity data and a URI to a WSDL file that provides information about obtaining access to the data. The web service provider must also register the web service's resource offering with the Discovery Service before offering services.) OpenSSO Enterprise supports bootstrapping using SAML v2, Liberty ID-FF, or the Authentication Web Service.