Identity, Security and XML Web Services

Presented at OMG Web Services Workshop 2003, O'Reilly Emerging Technology Conference 2003, XML Europe 2003 Conference, Internet World UK 2003 Conference

The use of security credentials and concepts of single-sign-on and “identity” play a big part in Web Services as developers start writing enterprise-grade line-of-business applications. An overview is provided of the emerging XML security credential standards such as SAML, along with various “identity” standards such as Passport and Liberty. We examine how “identity aware” Web Service implementations need to be, and the value a Web Services platform can add in reducing complexity in this area, with lessons drawn from experiences using J2EE technology for real-world security scenarios.