CLARIN/Security for web services

• ISOcat registry
• CMDI, component metadata infrastructure

Approaches

Open

All services trust each other. No technical security measures (other than, possibly, blocking complete strangers); managable upto ~15 services [REF NEEDED]

Shibboleth + delegation

SAML ECP

OAuth 1.0

OAuth 2.0

Links

Standards

• User Managed Access (UMA) has some overlap with this work
• OASIS Web Services Security: WS-Security, username, X.509, SAML
• A SASL and GSS-API Mechanism for SAML, uses base64 encoded SAML request in URL
• OAuth 2.0, and with SAML assertions

Libraries

• OAuth 2 assertion profile library
• Shibboleth ECP delegation, web-service client, and configuring it.

Federations

• eduGAIN
• OpenSocial
• SURFfederatie diensten

Other

• N-tier usage of SAML in backend