From OSIS Open Source Identity Systems
Jump to: navigation, search

The following identity-related projects are represented in OSIS (alphabetically). Work in progress!


Bandit is a set of components that provide consistent identity services for Authentication, Authorization, and Auditing. The Bandit project creates a community that organizes and standardizes identity-related technologies in an open way, promoting both interoperability and collaboration.


  • Website:
  • Participants in OSIS: Paul Trevithick (Higgins, Parity), Mary Ruddy (Higgins, Meristic), Antony Nadalin (IBM), Dale Olds (Novell), Drummond Reed (Cordance, Parity)

An open identity framework designed to integrate identity, profile and social relationship information across multiple sites, applications and devices.



The Open Web SSO project (OpenSSO) provides core identity services to simplify the implementation of transparent single sign-on (SSO) as a security component in a network infrastructure. OpenSSO provides the foundation for integrating diverse web applications that might typically operate against a disparate set of identity repositories and are hosted on a variety of platforms such as web and application servers. This project is based on the code base of Sun JavaTM System Access Manager, a core identity infrastructure product offered by Sun Microsystems.

As of this writing, OpenSSO provides authentication, policy (authorization) and session services, including policy agents to SSO-enable web containers such as web servers and application servers. Federation capability (SAML 1.x, Liberty ID-FF and SAML 2.0) and identity web services (Liberty ID-WSF) coming soon.


The OpenXRI project is producing the "BIND of XRI", i.e., a community-supported XRI resolver, XRI authority server, XRI proxy server, and XRI utility programs compliant with the XRI 2.0 specifications from the OASIS XRI Technical Committee. These are initially being developed in Java, with subsequent ports planned to C and other popular platforms.


Shibboleth is an open source (Apache-licensed) implementation of standards-based web single sign-on and attribute exchange. It is primarily an implementation of SAML 1.1, with work on SAML 2.0 under way now.

It includes an identity provider, in Java, with support for many authentication and attribute sources. The service provider (relying party) implementation is available for Apache, IIS, and iPlanet, with pure Java in development.

Support for other identity protocols, such as WS-Federation (ADFS), also exists. Future plans (e.g. WS-Trust features) are mostly driven by community interest. A tentative roadmap for future work includes advanced Liberty functionality in support of web services.


The xmldap openinfocard code provides a set of libraries and components for interoperability with MSFT Cardspace and the associated protocols. It includes code for Relying Parties, Identity Selectors (self-asserted cards only at this time) for Firefox and Safari, the beginnings of an STS, and code for creating Infocards (the serialization format)

It's a fairly pure opensource project. No corporate affiliation or product association...simply a few people playing with technology and scratching an itch.