Overview 5
Manual (99a) 3/17/03103Novell Confidential 01overvw.fm last saved 4/14/03
1 Overview
This section covers the following topics:
Understanding the Liberty Alliance
Liberty Alliance Architecture
Understanding the Value of the Novell Liberty Identity Provider
Benefits of the Liberty Identity Provider for Novell eDirectory
Service Provider Sample Code
Understanding the Liberty Alliance
The Liberty Alliance is a consortium of business leaders with a vision to enable a networked world
in which individuals and businesses can more easily conduct transactions while protecting the
privacy and security of vital identity information.
To accomplish its vision, the Liberty Alliance established an open standard for federated network
identity through open technical specifications.
In essence, this open standard is a structured version of the Security Assertions Markup Language,
commonly referred to as SAML, with the goal of accelerating the deployment of standard-based
single sign-on technology.
Liberty Alliance Architecture
The Liberty Alliance 1.1 specification has two main components: the Liberty identity provider
(Liberty IDP) and the identity consumer, referred to as a Liberty service provider (SP).
A Liberty IDP is the central credential store for a user's identity information, and it is the heart of
the user’s identity federations, or account linkage information. The Liberty IDP also serves as the
authentication authority, which is viewed as a trusted identity store by the Liberty SPs.
Liberty SPs are the Web sites that the user wants to connect to.
A "circle of trust" is formed between Liberty IDPs and SPs to provide the user a secure
infrastructure for controlling his or her identity information, and to facilitate Web single sign-on.
Understanding the Value of the Novell Liberty Identity Provider
When a user authenticates to a Liberty SP, he or she is given the option to federate his or her
identity with his or her preferred Liberty IDP. This process creates a unique link between the
Liberty IDP and SP identities.
