RSA IOP Scenarios
From Project Concordia
Also see the Concordia workshop RSA 2008 notes.
Endpoints
Endpoint information is being maintained on the RSA IOP Endpoints page.
Scenarios in scope
We will focus on two broad scenarios for the RSA IOP.
Scenario 1 - Infocard Authentication followed by SAML/WS-Federation SSO
This scenario is characterized by a user authenticating to an IdP using an Infocard (in various permutations of managed or personal cards), with the fact of that authentication communicated to a downstream Relying Party through either the SAML 2.0 or the WS-Federation protocol.
Infocard Authentication Scenario Details
As discussed in the description of roles, there are really two sub-scenarios, which will be distinguished here as Scenario 1a and Scenario 1b.
Scenario 1a - Infocards + SAML2 protocol scenario
| Implementation Name | Infocard Client | RP/SAML2 IDP | STS (opt) | Authn Method and/or Comments | Tech POCs |
| Oracle | Higgins Mozilla plugin | Oracle Identity Federation | - | personal, managed-password | Ari Kermaier Damien Carru |
| Internet2 | Windows XP | Shibboleth | - | - | Scott Cantor |
| FuGen Solutions | CardSpace | 3rd Party Liberty Certified IdP | ?? | personal, managed-password | Vijay Simha |
| Ping Identity | CardSpace / DigitalMe | PingFederate | PingFederate | personal, managed-password | Ashish Jain |
| Sun Microsystems | CardSpace / DigitalMe | OpenSSO | OpenSSO | managed-password | Pat Patterson |
| Symlabs | DigitalMe Firefox plugin | Symlabs Federated Identity Suite | SFIS | personal, managed-password | Sampo Guillermo Pablo |
Scenario 1b - Infocards + WS-Fed protocol scenario
| Implementation Name | Infocard Client | RP / WS-Fed IDP | STS (opt) | Authn Method and/or Comments | Tech POCs |
| Oracle | Higgins Mozilla plugin | Oracle Identity Federation | - | personal, managed-password | Ari Kermaier Damien Carru |
| FuGen Solutions | CardSpace | 3rd Party Liberty Certified IdP | ?? | personal, managed-password | Vijay Simha |
| Ping Identity | CardSpace / DigitalMe | PingFederate | PingFederate | personal, managed-password | Ashish Jain |
| Microsoft | CardSpace | Development version of forthcoming identity server | Development version of forthcoming identity server | personal, managed-password. This endpoint can also interop with any Scenario 2 endpoints. | FederatedIdentity.net team |
| Sun Microsystems | CardSpace / DigitalMe | OpenSSO | OpenSSO | managed-password | Pat Patterson |
| Symlabs | DigitalMe Firefox plugin | Symlabs Federated Identity Suite | SFIS | personal, managed-password | Sampo Guillermo Pablo |
Scenario 2 - Chained SAML 2/WS-Federation SSO
This scenario is characterized by chained passive browser SSO flows, with either SAML preceding WS-Federation or vice versa.
Inter-Federation Scenario Details
| Implementation Name | WS-Fed 1.1 RP | WS-Fed 1.1 IP | SAML2 SP | SAML2 IdP | Comments | Tech POCs |
| SymLabs | Symlabs Federated Identity Suite | SFIS | ZXID.org | SFIS | | Sampo |
| Internet2 | Shibboleth | - | Shibboleth | Shibboleth | | Scott Cantor |
| Oracle | Oracle Identity Federation | Oracle Identity Federation | Oracle Identity Federation | Oracle Identity Federation | | Ari Kermaier Damien Carru |
