
  Tutorial: The first taste of Liberty

By: Frank Sommers
Sign on once, log in everywhere
What annoys you most on the Web today?
For me, having to remember dozens of Website usernames and passwords surely surpasses all other inconveniences. Whether you wish to chat on JavaWorld's forums or keep up with the news on your favorite current affairs Website, chances are you will be asked at some point to enter your username and password. Following closely behind that aggravation are the bothersome HTML forms you must fill out to obtain your user IDs in the first place.
Username and password boxes are annoying because they present an experience without close parallel in the off-line world. When returning home after a long day's work, once you unlock your front door, you can freely move about without identifying yourself to your kitchen appliances, your bathtub, or the television set. Inside your home, you gain complete access even to your checkbook without that checkbook asking for a username and password.
Even offices work similarly. Once you are permitted to enter an office building, you can typically move about without having to be reauthenticated to grab a cup of java from the lunch room or to drop by your coworker's cubicle for a quick chat. Homes and offices, in effect, are circles of trust: once admitted inside those circles, you are mostly free to go about your business.
Currently, the Web is a seascape of myriad user account islands, and Websites fail to share users' preferences. Even if you have already specified on an airline's Website that you're a vegetarian, chances are, the hotel where you'll be staying will ask for your meal preferences again. If you have children, you currently must separately specify that fact to hotels, restaurants, travel agencies, cruise lines, amusement parks, insurance companies, and the like. Next to usernames, passwords, and personal information request forms, isolated user preferences stand high on my list of awkward Web user experiences.
The Liberty Alliance Project specifications offer a possible solution to the first two of those limitations. The next-generation Liberty specifications, version 2.0 due in a few months, hope to solve the third one as well. What represents a mere inconvenience for Websites may well be a showstopper for Web services. You can almost always count on a human to punch her username and password into a Web browser. But Web services do not enjoy the benefits of human supervision: they must often invoke other Web services on their own. Even if Web services execute on behalf of a human user, they can't stop and fetch their anthropomorphic master for user access information. Rather, either they must have a way to obtain access information automatically or Web services acting together to support a common goal must trust one another prior to service-to-service invocations.
Liberty addresses the needs of both existing Websites and Web services. In this article, I first introduce the specific problems that Liberty tries to solve and the solutions it proposes. Then I describe an open source Liberty implementation, the Interoperability Prototype for Liberty (IPL), and implement a simple Liberty-enabled system using IPL. That example will feature a traditional Website infrastructure, allowing you to sign on once and gain access to two Websites. The example is easy to extend to Web services.
Single sign-on
The Liberty specifications are the efforts of an industry consortium that includes some of the biggest companies using electronic commerce today. At the time of this writing, the Liberty Alliance Project has more than 150 members, and several dozen companies have already announced support for Liberty in their products. Liberty is not specific to Java. Currently, the only Java-based implementation besides the open source IPL is a commercial product, the Sun ONE Identity Server.
Liberty mirrors the way two or more businesses form a trust relationship. That trust may be forged via business arrangements or contracts. A Liberty trust relationship means that one business trusts another business's user authentication decisions. That trust lets a user log in at one site and access another site as well. Thus, the key Liberty aim is to enable single sign-on (SSO) to multiple Websites and Web services.
The more companies that participate in a circle of trust, the more useful single sign-on becomes. Since both traditional Websites and Web services may be circle-of-trust members, Liberty defines the term service provider to refer to any electronic service participating in a Liberty identity federation.
Liberty adds three refinements to a general single sign-on mechanism. First, a special Liberty circle-of-trust member is a service provider whose responsibility is user authentication: an identity provider. Liberty specifies the relationship and communication patterns among the identity providers, the service providers, and the user. Second, Liberty ensures that a user has complete control over his identity information: any manipulation of a user's identity data requires prior user consent. Finally, Liberty relies on an emerging XML standard, SAML (Secure Assertion Markup Language), to exchange authentication information between service providers.
Although Liberty separates the identity and service provider roles, in some cases, a service provider may adopt the additional role of the identity provider. In other situations, however, user authentication may be delegated to a dedicated identity provider whose sole focus is user authentication. That provider might employ more sophisticated user authentication techniques than an individual Website operator might otherwise implement. For instance, an identity provider might require a user to log in with a secure smart card, instead of just a plain old username and password, possibly increasing overall system security. Figure 1 illustrates the role of an identity provider in the context of Liberty-enabled e-commerce Websites and Web services.
Figure 1. The identity provider's role in e-commerce Websites and Web services
Scattered identities: A user by many names
While it may at first sound strange to trust a third party with user authentication decisions, delegating such decisions to an outside party extends the way electronic commerce currently works. When you decide to submit your credit card number to an e-commerce Website, you want to ensure that no one impersonates that site to hijack sensitive account information. Current practice delegates verifying a Website's identity to public certificate authorities. Organizations such as VeriSign, Thawte Consulting, and others perform due diligence about a business's legitimate identity before granting it a secure certificate. Once that certificate is issued, Website visitors trust a certificate authority's decision to vouch for the service provider's identity.
In addition to the ability to delegate authentication decisions to an identity provider, Liberty empowers users to make decisions about their online identities. Single sign-on requires some sort of cross referencing, or federating, of user accounts among circle-of-trust members. However, Liberty mandates that a user initiate any sort of federation for her identity information. In other words, once a user initiates account federation between trusting service providers, those providers can trust one another's authentication decisions and thereby offer the convenience of single sign-on. Not only do service providers have to trust one another, the user also must trust the providers: the user is also a member of the circle of trust. If a user no longer trusts a service provider, she can annul the identity federations associated with the provider at any time.
By giving users complete control over their online identity profiles, Liberty contrasts with the "big brother" view of an identity provider. According to that view, a huge, centralized database tracks a user's online identity. Since all the information needed to evaluate a user's credentials is stored in that database, all authentication requests are directed to that single identity provider.
Due to an early version of an identity provider, Microsoft's Passport, that perception is not based entirely on myth. In its first incarnation, Passport was, and still is, a big database operated by a single company that stores user passwords and other user-related data. Much controversy has surrounded Passport and for valid reasons: not only does it require a user to entrust all her identity information to a single operator, it also increases the risk of all Passport-aware services becoming inaccessible should the Passport database service itself become unavailable.
Liberty, by contrast, acknowledges that a user's identity information is likely scattered across many databases and service providers. You may store your bank account information at your bank's database, your credit card numbers at the card issuer, and your cheese preferences at the local pizza parlor's Website. Each of those accounts, in turn, might require that you authenticate yourself before accessing that data. In Liberty terminology, at each of those sites, you maintain a local identity.
Liberty does not require that you give up those local identities in favor of a master, knows-it-all account. Liberty does not even require that a third party ever learn any detail of your local identities: you will never have to give your bank Website username or password to the pizza ordering service. Instead, Liberty provides a way to create a composite, federated identity profile from all those accounts. When you form a Liberty identity federation, Liberty produces a unique way to identify the newly created federation and then maps that federation's identity to your local identities. Figure 2 shows how that works.
Figure 2. Local identities and an identity federation
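The federation mapping described above, together with the user-initiated federation and annulment described earlier in this section, sketched as an added example (not code from the article or from IPL). The provider names, usernames, and the choice of one random handle per identity-provider/service-provider pair are assumptions of this sketch, and the dictionary only stands in for the signed SAML assertion a real deployment would exchange.

```python
import secrets


class ConsentRequired(Exception):
    """Federation was requested without the user's consent."""


class IdentityProvider:
    def __init__(self, name):
        self.name = name
        self.handles = {}  # (IdP-local user, SP name) -> opaque handle


class ServiceProvider:
    def __init__(self, name):
        self.name = name
        self.accounts = {}  # opaque handle -> SP-local user


def federate(idp, sp, idp_user, sp_user, user_consents):
    """Link two local identities under a fresh handle; only the user may trigger it."""
    if not user_consents:
        raise ConsentRequired(f"no consent to federate {idp.name} with {sp.name}")
    handle = secrets.token_urlsafe(16)  # random: reveals neither local username
    idp.handles[(idp_user, sp.name)] = handle
    sp.accounts[handle] = sp_user
    return handle


def single_sign_on(idp, sp, idp_user):
    """Resolve a user already authenticated at the IdP to the SP-local account."""
    handle = idp.handles.get((idp_user, sp.name))
    if handle is None:
        return None  # not federated: the SP falls back to its own login
    # Stand-in for the signed SAML assertion; it carries only the handle.
    assertion = {"issuer": idp.name, "subject": handle}
    return sp.accounts.get(assertion["subject"])


def defederate(idp, sp, idp_user):
    """Annul one federation; other federations of the same user are untouched."""
    handle = idp.handles.pop((idp_user, sp.name), None)
    if handle is None:
        return False
    sp.accounts.pop(handle, None)
    return True


def demo():
    # Constructed sample data: provider names and usernames are hypothetical.
    idp = IdentityProvider("idp.example")
    bank = ServiceProvider("bank.example")
    pizza = ServiceProvider("pizza.example")
    h_bank = federate(idp, bank, "alice", "acct-4471", user_consents=True)
    h_pizza = federate(idp, pizza, "alice", "cheeselover", user_consents=True)
    before = (single_sign_on(idp, bank, "alice"), single_sign_on(idp, pizza, "alice"))
    defederate(idp, pizza, "alice")
    after = (single_sign_on(idp, bank, "alice"), single_sign_on(idp, pizza, "alice"))
    return h_bank != h_pizza, before, after
```

Because each service provider sees a different handle, the bank and the pizza service cannot correlate the user by comparing identifiers, and annulling the pizza federation leaves the bank federation working.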
As a user, you are unawa


 

Copyright © 2006. All rights reserved.