Identity Management

Authentication
Single Sign On (SSO)
WebSSO
Definition
WebSSO/WebISO: These are applications that provide SSO authentication and access to Web applications, extranets and portals. The components are a weblogin service, a verification service, a web application agent, the web application and the web browser.
Cosign
Status: 5 - Production/Stable
Description: Supports global logout by visiting a link. Supports GSSAPI authentication. Written in C; supports MS ISAPI (IIS), Apache 1.3/2.0, Servlet and Java/J2EE.
WebAuth
Description: Uses a model similar to PeopleSoft v8 SSO (WebKDC and WAS):
• Cookie (consumed by web apps)
• ID and Proxy token (consumed by WAS)
• Main token (consumed by WebKDC)
Written in Perl; supports Apache 2.0 and a C++/Perl API. Highly scalable (stateless design). Vulnerable to browser hacks because the cookie is not opaque.
YaleCAS
Status: 5 - Production/Stable
Description: Based on the Kerberos model. AuthZ implemented as an extension. Written in Java. Only records permissions, not groups/roles. Supports Kerberos and LDAP authentication. Distribution packages available via ESUP-PORTAIL.
Pubcookie
Status: 5 - Production/Stable
Description: Supports Kerberos, LDAP and shadow password authentication.
Shaj
License: ASF 2.0
Description: SHAJ is a simple library that allows your Java app to verify users with the underlying operating system.
A-Select
Status: 5 - Production/Stable
Description: Supports LDAP, RADIUS, SMS (Surfkey), OTP, PKI, tokens and biometrics authentication. Protects user privacy through use of ticket credentials. Easy integration with existing auth and web sources makes it highly practical. Lacks good cross-org support.
Eld
OpenSSO
Status: 1 - Planning (Q4 2005)
Description: SSO Toolkit for Java based on Sun Java System Access Manager
Sponsored by: [logo: images/sun.png]
Federated SSO
Definition
Federated / Cross-Domain SSO: Similar to Web SSO, it uses SOAP and SAML to leverage federated directories to assert user credentials and privileges across different domains.
Workstation SSO
pGina
State: Active/Mature
Description: A replacement for domain authentication in a Windows environment. It allows Windows to authenticate from any number of existing authentication sources or methods.
License: GPL
PingID SAML Windows Logon*
License Type: Comes with Ping Federate Server
Functionality: SAML-based Windows logon adapter. Authenticates against PingID Federate Server.
Sponsored by: [logo: images/pingid.gif]
Strong Authentication
HOTP
Server
TripleSec
Status: 3 - Alpha
Description: TripleSec contains a Kerberos server, an LDAP server and a HOTP module. It can authenticate users with One Time Passwords (OTP) generated on mobile devices.
Sponsored by: [logo: images/shorg.gif]
Client
Hauskeys
Status: 4 - Beta
License: ASL 2.0
Description: Mobile authentication client (HOTP). Supports J2ME, BlackBerry RIM, Nokia.
Sponsored by: [logo: images/shorg.gif]
Sponsored by: [logo: images/oath.png]
FSSO
by Mechanism
Kerberos
Server
Apache Kerberos
Status: 3 - Alpha
License: ASL 2.0
Description: Java implementation of Krb5
Sponsored by: [logo: images/asf.gif]
GNU Shishi
Status: 3 - Alpha
Description: Free implementation of Krb5, non-Java
Heimdal
Status: 5 - Production/Stable
License: BSD
Description: Free implementation of Krb5, non-Java. Integrated into *BSD and Fedora. Export law warnings.
MIT Kerberos
Status: 6 - Mature
Description: Widely used in Unix. US export control.
SPNEGO (Web Agent)
Apache 2.0 mod_spnego
JCIFS-ext
License: LGPL
Description: Servlet-filter implementation of SPNEGO
PKI (X.509 Cert)
Definition
When a user accesses a web application:
• (Prerequisite:) Certificate is installed in the user's browser
• User visits the web application and the browser authenticates without user interaction
• Server checks the certificate against its trust store to validate the user's identity
• Server asserts the user's identity to the application
Cert Authority
OpenCA
Status: 4 - Beta
License: Apache Style
Description: Relies on OpenSSL, Apache and Perl modules. Can use MySQL as a backend.
IDX-PKI
Status: 4 - Beta
NewPKI
Status: 4 - Beta
Description: Relies on the OpenSSL low-level API. Written in C++.
EJBCA
Status: 5 - Production/Stable
Description: Written in J2EE
TinyCA
Status: 4 - Beta
Description: TinyCA lets you manage X.509 certificates. It works as a frontend to OpenSSL. Written in Perl.
ElyCA
Library/Generator
OpenSSL/Java Keytool
BouncyCastle
State: Active/Mature
Description: A lightweight cryptography API in Java. JCE/JCA provider. Generators/processors for X.509, S/MIME, PKCS7, OCSP, TSP, OpenPGP.
Cert Mgmt Tool
ROCA
Shared Directory
Definition
When a user accesses a web application:
• Application collects username/password
• Application validates credentials using a common security framework/APIs
• Security framework validates against a single LDAP directory or database
Security Framework
JAAS
JGuard
Status: 4 - Beta
Description: Handles security permissions in the database.
JOSSO
Status: 4 - Beta
Description: Supports X.509. Client plugin for ASP.
Gabriel
Status: 4 - Beta
Description: Supports access control lists and permissions. Maps method access to permissions instead of persons. It lacks the concept of roles and groups.
Sponsored by: [logo: images/codehaus.png]
Proxy Systems
Definition
When a user accesses a web application:
• The user is redirected to an authentication web app (proxy)
• The proxy/authenticator collects username/password and validates against a central auth store
• The proxy sets a cookie and redirects the user back to the original application
NTLM
Definition
When a user logs into a Windows workstation and accesses a web application:
• Server sends NTLM challenge (from PDC)
• Browser responds without user interaction
• Server validates with the domain controller
mod_ntlm
Access Management
Definition: Access Management is often used to describe broader systems that use both authentication and authorization services.
Shibboleth
Status: 4 - Beta
Description: Designed specifically for the US higher education environment. Supports cross-institutional models and services. Highly complex to set up and integrate. Uses ARP, proprietary mechanism to locate users.
PERMIS
Status: 5 - Production/Stable
Description: Written in Java. Powerful policy engine. Supports RBAC. Stores attribute certificates in a single repository. X.509-based credentials.
AKENTI
Status: 5 - Production/Stable
Description: Written in C++. AC-based AuthZ, albeit non-standard AC. Targeted at authorizing access to web resources. Doesn't link identities with groups/roles, but with permissions. Non-X.509-based credentials.
VOMS
Status: 5 - Production/Stable
Description: Attribute certificate issuer. Relies on another policy engine.
AthensDA
Status: 5 - Production/Stable
Description: It helps protect user personal details through the use of attributes. Widely adopted in the UK (Eduserv).
SWITCH AAI
Description: Swiss pilot implementation of Shibboleth
PAPI
Description: Widely adopted in Spain (Rediris)
WP6
Policy Language
XACML
SunXACML
Status: 4 - Beta
Description: Open source implementation of the OASIS XACML standard, written in Java
Sponsored by: [logo: images/sun.png]
EPAL
Description: Not yet an OASIS standard
Sponsored by: [logo: images/ibm.png]
P3P
Description: Language to describe Privacy Policy for web resources
User Management
Directory Services
OpenLDAP
Status: 5 - Production/Stable
Description: Embedded in multiple platforms, non-Java
ApacheDS
Status: 4 - Beta
Description: Java implementation of LDAPv3
Sponsored by: [logo: images/asf.gif]
Sub Projects
Mitosis
Status: 3 - Alpha
Description: It is a multi-master replication module that works for Apache Directory Server. Mitosis uses an interceptor chain mechanism of ApacheDS to implement replication.
Sponsored by: [logo: images/shorg.gif]
Redhat/Fedora DS
Status: 1 - Planning
Description: LDAP server based on Netscape DS
Sponsored by: [logo: images/redhat.gif]
Virtual Directory
Penrose
Status: 4 - Beta
Description: It is a data-virtualization service for a collection of network directory and database servers that provides data synchronization, replication and dynamic access features. It uses the Apache Directory Project and has an Eclipse-based mapping tool.
Sponsored by: [logo: images/shorg.gif]
Meta Directories
Ganymede
Status: 5 - Production/Stable
Description: It is a data-mastering service for a customizable collection of network directory services which provides a high quality (and concurrent) user interface and lots of interactive feedback. It does not directly play a role in monitoring LDAP servers or in doing real-time translations of LDAP queries across data services.
Slapd Back-meta
Description: Performs basic LDAP proxying with respect to a set of remote LDAP servers. No entry join/merge, no multiple DN check.
Provisioning
SPML
Description: XML-based Service Provisioning standard
Sponsored by: [logo: images/oasis.jpg]
Implementation
OpenSPML
Status: 4 - Beta
Description: SSO Toolkit for Java and .NET. Supports Liberty ID-FF, SAML and WS-F.
Sponsored by: [logo: images/sun.png]
SyncML
Description: Provisioning language for device management technologies
Sponsored by: [logo: images/oma.png]
Sync4J
Status: 5 - Production/Stable
Description: Large J2EE implementation of the SyncML protocol. Supports JBoss.
Sponsored by: [logo: images/ibm.png]
Identity Systems
YADIS
Description: Yet Another Distributed Identity System.
LID
Status: 4 - Beta
SXIP
Sponsored by: [logo: images/sxip.png]
Federation
Description: Federation is a token-based identity.
WS-Federation
Liberty ID-FF
Description: Standard for cross-organization authentication
Sponsored by: [logo: images/liberty.png]
Implementation
SAML
Description: Security Assertion standard for cross-organization authentication
Sponsored by: [logo: images/oasis.jpg]
Implementation
SourceId
Status: 5 - Production/Stable
Description: SSO Toolkit for Java and .NET. Supports Liberty ID-FF, SAML and WS-F.
Sponsored by: [logo: images/pingid.gif]
OpenSAML
Status: 4 - Beta
Description: Interoperability prototype implementation. Java 2 Platform.
Sponsored by: [logo: images/i2.png]
Passel
Status: 1 - Planning
Description: A lightweight, user-centric identity system that enables people to manage their online identity.
Sponsored by: [logo: images/pingid.gif]
InfoCard
Status: 1 - Planning
License: YTD
Description: Virtual membership card, built entirely on the Web Services (WS-*) stack. Infocard only defines framework protocol between the Infocard client.
Sponsored by: [logo: images/microsoft.png]
Id-Commons
Sponsored by: [logo: images/ic-logo.gif]