OpenSSO Enterprise is based upon the following industry-recognized specifications:
Confidentiality of Web Service Messages Using XML Encryption
Produced by the World Wide Web Consortium (W3C). Describes a mechanism to encrypt XML documents.
Web Service Authentication and Authorization Using XML Signature
Describes Secure Assertion Markup Language (SAML) and eXtensible Access Control Markup Language (XACML) as proposed by the Organization for Advancement of Structured Information Standards (OASIS) group. SAML and XACML provide mechanisms for authentication and authorization in a Web services environment.
Integrity of Web Service Messages Using XML SignatureProduced jointly by the W3C and the Internet Engineering Task Force (IETF). The power of XML Signature is in it ability to selective sign XML data.
Web Services (WS)-Security
Produced by OASIS. Defines a set of SOAP header extensions for end-to-end SOAP messaging security. WS-Security supports message integrity and confidentiality by allowing communicating partners to exchange signed encrypted messages in a web services environment.
Security for Universal Description, Discovery and Integration (UDDI)
Produced by OASIS. UDDI enables web services to be easily located and subsequently invoked. Security for UDDI enables publishers, inquirers and subscribers to authenticate themselves and to authorize the information published in the directory.