Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

The goal of the ID-WSF specifications is to aggregate and where necessary profile existing public/standard specifications for developing web service (i.e. SOAP) applications so that interoperable implementations (commercial and open source) are possible. There is a particular focus on securing web services, in a manner composable with the capabilities of SAML, so that it becomes possible to deploy secure web services irrespective of the security and policy boundaries between web service consumers and providers.

<soapbox>
Most of the specifications emerging in the web services arena, particularly the ones related to security, are extremely complex and general. If multiple developers designed a project using them, it's more likely they'd win a lottery than produce solutions that would even resemble each other, let alone interoperate. This is great if you sell consulting services, not so great if you're looking for real standards.
</soapbox>

The goal here is to provide a roadmap to understanding the capabilities of the ID-WSF 2.0 specifications. The full set of documents is large, complex, and in a few places somewhat rough, but they can be understood as a set of building blocks that can be recombined into a usable solution for a variety of requirements. They may also be useful as input into solutions in other problem domains outside of web services, particular those based around SAML. ID-WSF is a good way to see how SAML can be applied to problems beyond just web single sign-on.

...

ID-WSF is also designed to compose with the ! IdP-managed privacy features in SAML 2.0, such as pseudonymous user identifiers, and avoids introducing opportunities for correlation of user activity.%COMMENT%