Two new posts explaining advanced uses of Web Services security in Metro. First Ashutosh explains how to Run a Kerberos Token Profile based WS Security scenario as it was used at the latest Plugfest at Redmond. This builds on an earlier entry on the same topic.
Then Kumar shows how to programmatically Access the SAML Assertion in a WSIT Secure Scenario.

Over at the Sun Developer Network, Marina Sum has been on a tear this past week or so, with two articles on OpenSSO and its sister product, Sun Java System Access Manager. Last week, she and I published Single Logout: A Demo, a follow-up to February's article Switch on SAML for PHP With Project Lightbulb, covering Project Lightbulb's evolution into OpenSSO Extensions and its implementation of SAML 2.0 single logout. It includes much discussion of the mechanics of single logout and its implementation in the OpenSSO SAML 2.0/PHP Extension.
Today, Marina and Robert Skoczylas of Indigo Consulting published Developing Secure Applications with Sun Java System Access Manager, Part 1: Basic Authorization. This article, part 1 of a series, presents a case study of implementing authentication, single sign-on, and authorization at a fictional health-care insurance company. Great stuff, working from a high-level description of the problem right down to specific Access Manager customizations.

Another neat technical article just hit the wire over at Sun Developer Network: Achieving SSO With Sun Java System Access Manager and SAML. Vasanth Bhat and Marina Sum look at how to integrate Access Manager with a third-party application - in this case SAP NetWeaver Enterprise Portal 2004s - via SAML. Neat stuff!

Following on from last week's entry on OpenID on OpenSSO, we rolled the new OpenID code into OpenSSO over the weekend and are today announcing OpenSSO Extensions (more detail in my blog entry at Superpatterns) - an incubator for OpenSSO. The OpenID code is there, as is the existing 'Lightbulb' SAML 2.0 PHP and a new Client SDK for OpenSSO implemented in PHP.
The idea is that, if you have an idea for a cool extension to OpenSSO, maybe a new authentication module or identity repository plugin, you can work on it in the OpenSSO community, with the code hosted in a 'sandbox' under the opensso/extensions tree. As extensions mature we'll look at migrating them into the OpenSSO core.

Malla Simhachalam and Marina Sum have written an excellent tutorial on securing web services using NetBeans 5.5 and Sun Java System Access Manager.
The tutorial walks through a familiar stock ticker sample, showing how anonymous users get delayed stock price data while authenticated users have access to real-time prices. Malla and Marina step through the message exchange and explain how it is secured with SAML assertions, so this is a great read if you are looking at identity-enabling web services.

As I just mentioned over at Superpatterns, Marina Sum and I just published an article on the Sun Developer Network (SDN) - Switch on SAML for PHP with Project Lightbulb. The article walks through some of the Project Lightbulb code, following the single sign-on process. If you want to work with the Lightbulb code, or you just want a better idea of how SAML 2.0 works, this article is for you.

Over at Superpatterns, I've just announced the first drop of my SAML 2.0 PHP service provider code. There is more detail at that link, particularly in the linked docs, but, briefly, this is a collection of PHP scripts that SAML 2.0-enable a service provider, 'outsourcing' user authentication to an identity provider. This is very much 'proof-of-concept' code - contributions are welcomed, particularly from PHPers!