07/14/2008

WSO2 announced a new edition of its authentication solution, and has also joined two leading ID authentication groups.

ebizQ received the following:

WSO2 has begun shipping an enhanced version of the WSO2 Identity Solution. Version 1.5 offers strong Web authentication based on open standards and open source, the vendor says. WSO2 Identity Solution 1.5 adds support for OpenID, a popular feature for decentralizing single sign-on.

WSO2 also announced it has joined the OpenID Foundation and is a founding member of the Information Card Foundation, which was launched June 23, 2008.

The WSO2 Identity Solution enables Websites running on open-source or Java stacks to provide strong authentication using information cards that serve as electronic IDs for users.

Version 1.5 adds support for OpenID — an emerging standard for strong authentication in Web applications, blogs and other Web 2.0 Websites. By basing OpenID support on OpenID4Java, the WSO2 Identity Solution 1.5 offers interoperability with other OpenID systems -- and makes it simple to become an OpenID consumer and/or an OpenID provider. This functionality complements the existing capabilities in the WSO2 Identity Solution around information cards and Microsoft CardSpace technologies, giving enterprises more options for implementing consistent identity management across their Web and SOA applications.

“Electronic IDs, such as OpenID and CardSpace-based information cards, are rapidly gaining popularity as decentralized, user-centric approaches to authentication that eliminate the risks and inconvenience of password-based alternatives,” said Dr. Sanjiva Weerawarana, CEO of WSO2. “By offering both OpenID and CardSpace authentication, version 1.5 of our WSO2 Identity Solution extends our commitment to strong SOA governance by managing and protecting the identities of the many users served by today’s heterogeneous SOAs and Web applications.”

WSO2 Identity Solution includes an identity provider application for issuing cards, including those based on CardSpace, and OpenIDs for identity management. It is controlled by a Web-based management console and supports interoperability with multiple vendors’ OpenID and CardSpace components.

WSO2 Identity Solution also provides a Relying Party Component Set, which plugs into most common Web servers to add support for CardSpace and OpenID authentication requests. Additionally, the WSO2 Identity Solution works with enterprises’ current identity directories, such as those based on the Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory, allowing them to leverage their existing infrastructure.

Identity Solution also supports Security Assertion Markup Language (SAML) 2.0. The SAML XML standard for exchanging authentication and authorization data between security domains has become the dominant underlying structure of Web single sign-on solutions for enterprise identity management.

Identity Solution also supports multi-factor authentication using a combination of OpenID and information cards to provide higher level security and fight phishing attacks, WSO2 says.

The product also supports the 1.1 and 2.0 OpenID standards, and many OpenID model extensions, including Simple Registration, Attribute Exchange, and the Provider Authentication Policy extension.

Identity Solution also provide heterogeneous support via Relying Parties. The product works with Web frameworks running on Apache2 — including PHP, Python and Perl applications. Identity Management also supports applications written to the Java Servlet API, such as those running on the Apache Tomcat and JBoss application servers. The emerging i-name standard is also supported.