IdentityFlow is a meta-model architecture and software implementation that describes and solves Identity Tasks. Identity tasks are tasks carried out through protocol-driven interactions between Actors across a network in order to solve an identity-related problem. Identity tasks are modelled and developed as IdentityFlow Operations. Examples of identity tasks, and therefore of potential operations, include Single Sign-On (SSO), Single Sign-Off, Attribute Requests and Claim Verification.
IdentityFlow has a layered architecture, which encourages a waterfall design approach, outlined as follows:
- High-level representation of the identity task, accessible to domain specialists (who may be non-technical experts)
- Top-level technical representation of the naive protocol flow and bindings
- Low-level operation implementation, including profiles and bindings
IdentityFlow is intended to produce working implementations from the start, to which detail and further implementation can be added later. It is intended to embrace specifications and standards, such as Security Assertion Markup Language (SAML) and Shibboleth, but not to drive them. It is also intended to maximise design and code re-use by building operations from logical building blocks. To make the software more readily usable, it is SAML-compliant (where possible) by default, and a sample SSO operation and HTTP Redirect (GET) and HTTP POST binding implementations are included.
It is intended that a wide variety of operations, profiles and bindings will be available in the future. A further main design goal for IdentityFlow is to integrate 'hooks' for a trust infrastructure into operations, and hence into identity task protocol flows.
IdentityFlow is being developed as part of the OPAALS European Framework Programme 6 project, as an open source project available under the new BSD license.
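The two SAML bindings named above differ in how the protocol message travels: the HTTP Redirect binding carries the message in a query parameter (DEFLATE-compressed, base64-encoded, URL-encoded), while the HTTP POST binding carries it base64-encoded in a form field. The following is an added illustration of that encoding and decoding as specified by SAML 2.0 Bindings; it is not IdentityFlow's own code. The sample AuthnRequest, the `sso_url` value and the 64 KiB inflation cap are constructed assumptions for the example. The decoder bounds the inflated size so that a small compressed payload cannot be expanded into an arbitrarily large message on the receiving side.

```python
import base64
import zlib
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed minimal AuthnRequest for the example (not a real deployment's message).
SAMPLE_AUTHN_REQUEST = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_example-id-1" Version="2.0" IssueInstant="2009-01-01T00:00:00Z" '
    b'AssertionConsumerServiceURL="https://sp.example.org/acs"/>'
)

# Assumed upper bound on the inflated message; a receiver should pick its own limit.
MAX_INFLATED_BYTES = 64 * 1024


def redirect_encode(saml_xml: bytes, sso_url: str, relay_state: Optional[str] = None) -> str:
    """HTTP Redirect binding: raw DEFLATE (RFC 1951), base64, then URL-encode into the query."""
    # wbits=-15 produces a raw DEFLATE stream with no zlib header or trailer, as the binding requires.
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = compressor.compress(saml_xml) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return f"{sso_url}?{urlencode(params)}"


def redirect_decode(url: str) -> Tuple[bytes, Optional[str]]:
    """Reverse of redirect_encode, refusing messages that inflate beyond MAX_INFLATED_BYTES."""
    query = parse_qs(urlparse(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    decompressor = zlib.decompressobj(-15)
    # Ask for at most one byte more than the cap: any excess or leftover input means "too large".
    inflated = decompressor.decompress(raw, MAX_INFLATED_BYTES + 1)
    if len(inflated) > MAX_INFLATED_BYTES or decompressor.unconsumed_tail:
        raise ValueError("inflated SAML message exceeds size limit")
    if not decompressor.eof:
        raise ValueError("truncated DEFLATE stream")
    relay_state = query.get("RelayState", [None])[0]
    return inflated, relay_state


def post_encode(saml_xml: bytes) -> dict:
    """HTTP POST binding: the message is base64-encoded (no compression) into a form field."""
    return {"SAMLRequest": base64.b64encode(saml_xml).decode("ascii")}


def post_decode(form: dict) -> bytes:
    """Reverse of post_encode; strict base64 so stray characters are rejected rather than ignored."""
    return base64.b64decode(form["SAMLRequest"], validate=True)


if __name__ == "__main__":
    url = redirect_encode(SAMPLE_AUTHN_REQUEST, "https://idp.example.org/sso", "app-state")
    print(url)
    print(redirect_decode(url))
    print(post_decode(post_encode(SAMPLE_AUTHN_REQUEST)) == SAMPLE_AUTHN_REQUEST)
```

Neither function above checks the message's signature: on the Redirect binding the signature travels in separate `SigAlg` and `Signature` query parameters computed over the encoded query string, and on the POST binding it is an XML Signature inside the message itself. A receiver verifies that before acting on the decoded XML, which is where a trust-infrastructure hook of the kind the text describes would sit.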
