Sun OpenSSO Enterprise 8.0 Developer's Guide

Securing Virtual Federation Proxy

VFP provides two ways to secure identity attributes between an instance of OpenSSO Enterprise and an application:

Both mechanisms result in an encrypted string (referred to as a cryptostring) generated for the asserted attributes. The symmetric cryptostring is a SHA-1 hash of the attributes. The asymmetric cryptostring is a digital signature of the attributes.

Note –

As each pairing of application to OpenSSO Enterprise instance is independent, different applications involved can use different security methods.