Pat Patterson just made me aware that the architecture draft and usecase documents for the opensso project have been published.
The objective of this document is to provide brief and precise information relevant to the high-level architectural goals of core identity services for the web platform. The examples provided in this document are based on the general understanding of web application interactions where the end user interacts with target systems using a traditional web browsing application and follows hyperlinks or other similar constructs. Familiarity with operational aspects of web applications is a prerequisite to understanding the concepts and ideas discussed within this document.Rush Over, Read the docs as soon as you can, I have been awaiting this for a while now. The part I liked best was section 2.3.2 on Security and Confidentiality. OpenSSO has it's initial miniscule set of limitations though, especially when dealing with "Cross Domains". But hey, the project is at it's infancy right now. I bet Cross Domain SSO (OpenCDsso) would be introduce as participation increases. It's Open Source and it's our participation that makes a product attain it's peak in service provisioning. So go ahead lend a hand. I would love to see opensso handling tickets in addition to cookies/token validation. Hey maybe we could start a opensso branch for extensions. PS: Thanks, Arvind for putting this together so fast.