The Liberty Alliance Project was an organization formed in September 2001 to establish standards and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation and identity assurance, an Identity Governance Framework, and Identity Web Services. By 2009, the Kantara Initiative took over the work of the Liberty Alliance. The group was conceived and named by Jeff Veis at Sun Microsystems, based in Menlo Park, California. The initiative's goal, promoted by Scott McNealy of Sun, was to unify technology and government organizations to create a standard for federated, identity-based Internet applications as an alternative to technology appearing in the marketplace controlled by a single entity such as Microsoft's Passport. Another Microsoft initiative, HailStorm, was renamed My Services but shelved by April 2002. Sun positioned the group as independent, and Eric C.
Dean of United Airlines became its president. In July 2002, the alliance announced Liberty Identity Federation 1.0. At that time, several member companies announced upcoming availability of Liberty-enabled products. Liberty Federation allowed consumers and users of Internet-based services and e-commerce applications to authenticate and sign on to a network or domain once from any device and visit or take part in services from multiple Web sites. This federated approach did not require the user to re-authenticate and could support privacy controls established by the user. The Liberty Alliance subsequently released two more versions of the Identity Federation Framework, and in November 2003 Liberty contributed its final version of the specification, ID-FF 1.2, to OASIS. This contribution formed the basis for SAML 2.0. By 2007, industry analyst firm Gartner claimed that SAML had gained wide acceptance in the community. The Liberty Alliance released the Liberty Identity Web Services Framework in April 2004 for deploying and managing identity-based web services.
Applications included geo-location, contact book, mobile messaging and People Service, for managing social applications such as bookmarks, calendars, photo sharing and instant messaging in a secure and privacy-respecting federated social network. A 2008 marketing report recommended considering it for federation. The alliance introduced a certification program in 2003, designed to test commercial and open source products against published standards to assure base levels of interoperability between products. In 2007, the US General Services Administration began requiring this certification for participating in the US E-Authentication Identity Federation. In January 2007, the alliance announced a project for open-source software developers building identity-based applications. OpenLiberty.org was a portal where developers could collaborate and access tools and information to develop applications based on alliance standards. In November 2008, OpenLiberty released an open source application programming interface called ArisID.
In February 2007 Oracle Corporation contributed the Identity Governance Framework to the alliance, which released the first version publicly in July 2007. The Identity Governance Framework defined how identity-related information is used and propagated using protocols such as LDAP, Security Assertion Markup Language, WS-Trust and ID-WSF. The Liberty Alliance began work on its identity assurance framework in 2008. The Identity Assurance Framework detailed four identity assurance levels designed to link trusted identity-enabled enterprise, social networking and Web applications together based on business rules and security risks associated with each level. The four levels of assurance were outlined by a 2006 document from the US National Institute of Standards and Technology. The level of assurance provided is measured by the strength and rigor of the identity proofing process, the credential's strength, and the management processes the service provider applies to it. These four assurance levels were adopted by UK and USA government services.
In 2007 the Liberty Alliance helped to found Project Concordia, an independent initiative for harmonizing identity specifications. It was active through 2008. The alliance wrote papers on business and policy aspects of identity management. It hosted meetings in 2008 to promote itself. Management board members included AOL, British Telecom, Computer Associates, Fidelity Investments, Internet Society, Nippon Telegraph and Telephone, Oracle Corporation and Sun Microsystems.

See also: Windows CardSpace, Yadis, OpenID, OAuth, and identity management systems.

As described above, Liberty contributed Identity Federation Framework 1.2 to OASIS in November 2003. For the record, here is a complete list of contributed ID-FF 1.2 documents: Only the archived PDF files are individually addressable on the Liberty Alliance web site. To obtain copies of the remaining archived files, download both the Liberty ID-FF 1.2 archive and the Liberty 1.1 support archive.
Representational state transfer
Representational State Transfer is a software architectural style that defines a set of constraints to be used for creating Web services. Web services that conform to the REST architectural style, termed RESTful Web services, provide interoperability between computer systems on the Internet. RESTful Web services allow the requesting systems to access and manipulate textual representations of Web resources by using a uniform and predefined set of stateless operations. Other kinds of Web services, such as SOAP Web services, expose their own arbitrary sets of operations. "Web resources" were first defined on the World Wide Web as documents or files identified by their URLs. However, today they have a much more generic and abstract definition that encompasses every thing or entity that can be identified, addressed, or handled, in any way whatsoever, on the Web. In a RESTful Web service, requests made to a resource's URI will elicit a response with a payload formatted in HTML, XML, JSON, or some other format.
The response can confirm that some alteration has been made to the stored resource, and the response can provide hypertext links to other related resources or collections of resources. When HTTP is used, as is most common, the operations available are GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE. By using a stateless protocol and standard operations, RESTful systems aim for fast performance and the ability to grow, by re-using components that can be managed and updated without affecting the system as a whole while it is running. The term representational state transfer was introduced and defined in 2000 by Roy Fielding in his doctoral dissertation. Fielding's dissertation explained the REST principles that were known as the "HTTP object model" beginning in 1994, and were used in designing the HTTP 1.1 and Uniform Resource Identifiers standards. The term is intended to evoke an image of how a well-designed Web application behaves: it is a network of Web resources where the user progresses through the application by selecting resource identifiers such as http://www.example.com/articles/21 and resource operations such as GET or POST, resulting in the next resource's representation being transferred to the end user for their use.
Roy Fielding defined REST in his 2000 PhD dissertation "Architectural Styles and the Design of Network-based Software Architectures" at UC Irvine. He developed the REST architectural style in parallel with HTTP 1.1 of 1996–1999, based on the existing design of HTTP 1.0 of 1996. In a retrospective look at the development of REST, Fielding said: The constraints of the REST architectural style affect the following architectural properties: performance in component interactions, which can be the dominant factor in user-perceived performance and network efficiency. Roy Fielding describes REST's effect on scalability. Six guiding constraints define a RESTful system; these constraints restrict the ways that the server can process and respond to client requests so that, by operating within these constraints, the system gains desirable non-functional properties, such as performance, simplicity, visibility and reliability. If a system violates any of the required constraints, it cannot be considered RESTful.
The formal REST constraints are as follows: The principle behind the client–server constraints is the separation of concerns. Separating the user interface concerns from the data storage concerns improves the portability of the user interface across multiple platforms, and it improves scalability by simplifying the server components. Most significant to the Web, however, is that the separation allows the components to evolve independently, thus supporting the Internet-scale requirement of multiple organizational domains. The client–server communication is constrained by no client context being stored on the server between requests. Each request from any client contains all the information necessary to service the request, and session state is held in the client. The session state can be transferred by the server to another service such as a database to maintain a persistent state for a period and allow authentication. The client begins sending requests. While one or more requests are outstanding, the client is considered to be in transition.
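The statelessness constraint above, as an added example that is not part of the original article: when session state is held in the client, the server has to authenticate that state on every request, here with an HMAC tag and an expiry. The key, the `X-Session-State` header name and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: a key known only to the server

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_state(user, ttl, now=None):
    """Serialize session state for the client to hold and send with each request."""
    now = time.time() if now is None else now
    state = {"sub": user, "exp": int(now) + ttl}
    body = b64e(json.dumps(state, sort_keys=True).encode())
    tag = b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return body + "." + tag

def verify_state(token, now=None):
    """Return the state dict if the tag is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")  # exactly two parts, else ValueError
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison; the body is parsed only after it is authenticated.
        if not hmac.compare_digest(b64d(tag), expected):
            return None
        state = json.loads(b64d(body))
    except (ValueError, TypeError):
        return None
    if not isinstance(state, dict) or state.get("exp", 0) <= now:
        return None
    return state

def handle_request(headers, now=None):
    """Stateless handler: no server-side session lookup, only the request itself."""
    # "X-Session-State" is a hypothetical header name for this example.
    state = verify_state(headers.get("X-Session-State", ""), now)
    if state is None:
        return 401, "invalid or expired session state"
    return 200, "hello " + state["sub"]
```

Because the server keeps no record of issued state, a token stays valid until its expiry, so the lifetime is the only revocation control in this design.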
The representation of each application state contains links that can be used the next time the client chooses to initiate a new state-transition. As on the World Wide Web, clients and intermediaries can cache responses. Responses must therefore, implicitly or explicitly, define themselves as cacheable or not to prevent clients from getting stale or inappropriate data in response to further requests. Well-managed caching partially or completely eliminates some client–server interactions, further improving scalability and performance. A client cannot ordinarily tell whether it is connected directly to the end server, or to an intermediary along the way. Intermediary servers can improve system scalability by enabling load balancing and by providing shared caches, and they can enforce security policies. Servers can temporarily extend or customize the functionality of a client by transf