| The Liberty Alliance Project
Tuesday published a public review
draft of a maintenance update of the version 1.0 specifications it released in
July.
The version 1.1 draft primarily makes some editorial changes in an effort
to clarify the specifications, but also adds a few fixes and minor
enhancements.
For instance, the new version fixes a vulnerability in the Liberty-enabled
Client/Proxy Profile (LECP), identified by both IBM and Sun Microsystems.
The Liberty Alliance said the vulnerability could have allowed a spurious
site to interpose itself between a user and a service provider, allowing
the site to impersonate the user. One of the enhancements is intended to
add security and privacy protections by allowing a service provider and
identity provider to periodically change opaque handles. Opaque handles are
random identifiers shared between service providers and identity providers
that allow them to identify users. Also, another enhancement is intended to
give flexibility in discovering which identity provider or providers an
end-user is using.
InternetNews Realtime IT News - Sun Unveils Liberty Server Software::
businesses to federate identities, via either SAML or the Liberty Specification, both internal and external to the Liberty Alliance Updates Specs
http://www.internetnews.com/ent-news/article.php/1568391HOME |
InternetNews Realtime IT News - Liberty Frees Up Web Services Identity ::
With Sun Microsystems leading the charge, the Liberty Alliance unveils five companies that have built products using its new federated identity specs.
http://www.internetnews.com/dev-news/article.php/3107861HOME |
The road still forks for federated ID management specs::
The Liberty Alliance released the second phase of its to the Liberty Alliance, assigning intellectual property patches, updates Mac
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=87560HOME |
 Mobile Alliance Spells Out Global Specs
 UnitedLinux Takes Aim At Microsoft, Sun, Red Hat |
PRINT
Add to favorites