The Liberty ID-WSF Authentication Service Specification defines how to authenticate parties communicating via SOAP-based messages. It leverages widely used authentication services and mechanisms, and facilitates selection of these services and mechanisms at deployment time. The specification defines the following:
An authentication protocol based on the Simple Authentication and Security Layer (SASL).
An authentication service that Liberty-enabled clients can use to authenticate with identity providers.
A single sign-on service that Liberty-enabled providers can use to interact with each other.
The specification also defines an identity-based authentication security token service, complementing the more general security token service as discussed in the section, Discovery Service Specification. For more information, see the Liberty ID-WSF Authentication Service Specification.