WSO2 extends SOA governance with Identity Solution 1.5, featuring support for OpenID-based open source authentication

WSO2 Joins Leading Electronic ID Authentication Groups: OpenID Foundation and Information Card Foundation

Mountain View, CA – July 14, 2008 – WSO2, the open source SOA company, today announced that it has extended its support for service-oriented architecture (SOA) governance through enhanced authentication. Version 1.5 of the WSO2 Identity Solution for strong Web authentication based on open standards and open source is now generally available and adds support for OpenID, a popular feature for decentralizing single sign-on. Additionally, WSO2 has joined the OpenID Foundation and is a founding member of the Information Card Foundation, which was launched June 23, 2008.

The WSO2 Identity Solution enables websites, including LAMP and Java, to provide strong authentication using information cards that serve as electronic IDs for users. Version 1.5 adds support for OpenID—which is rapidly becoming the market leader for strong authentication in Web applications, blogs and other Web 2.0 websites. By basing OpenID support on OpenID4Java, the WSO2 Identity Solution 1.5 offers a very high level of interoperability with other OpenID systems that makes it simple to become an OpenID consumer and/or an OpenID provider. This functionality complements the existing capabilities in the WSO2 Identity Solution around information cards and Microsoft CardSpace technologies, giving enterprises more options than ever for implementing consistent identity management across their Web and SOA applications.

“Electronic IDs, such as OpenID and CardSpace-based information cards, are rapidly gaining popularity as decentralized, user-centric approaches to authentication that eliminate the risks and inconvenience of password-based alternatives,” said Dr. Sanjiva Weerawarana, CEO of WSO2. “By offering both OpenID and CardSpace authentication, version 1.5 of our WSO2 Identity Solution extends our commitment to strong SOA governance by managing and protecting the identities of the many users served by today’s heterogeneous SOAs and Web applications.”

WSO2 OpenID Support Extends Authentication Options

The WSO2 Identity Solution 1.5 features the easy-to-use Identity Provider application for issuing cards, including those based on CardSpace, and OpenIDs for identity management. It is controlled by a simple Web-based management console and supports interoperability with multiple vendors’ OpenID and CardSpace components. The WSO2 Identity Solution1.5 also provides a Relying Party Component Set, which plugs into most common Web servers to add support for CardSpace and OpenID authentication requests. Additionally, the WSO2 Identity Solution works with enterprises’ current identity directories, such as those based on the Lightweight Directory Access Protocol (LDAP) and Microsoft Active Directory, allowing them to leverage their existing infrastructure.

Key features of the WSO2 Identity Solution1.5 include:
  • Security Assertion Markup Language (SAML) 2.0 support. The SAML XML standard for exchanging authentication and authorization data between security domains has become the dominant underlying structure of Web single sign-on solutions for enterprise identity management.
  • Multi-factor authentication using a combination of OpenID and information cards to provide higher level security and fight phishing attacks.
  • Broad OpenID support, including the 1.1 and 2.0 OpenID standards, and many OpenID model extensions such as Simple Registration, Attribute Exchange, and the Provider Authentication Policy extension (PAPE).
  • Easy access management, including white-listing and black-listing.
  • Heterogeneous support via Relying Parties. The WSO2 Identity Solution can work with any Web framework running on Apache2—including PHP, Python and Perl applications—as well as applications written to the Java Servlet API, such as those running on the Apache Tomcat and JBoss application servers. The emerging i-name standard is also supported.
Contributing to Electronic ID Community

WSO2 has joined two of the leading organizations to promote the standardization of authentication based on electronic IDs. Last month, WSO2 joined some of the industry’s largest companies—including Equifax, Google, Microsoft, Novell Oracle and PayPal—in becoming a founding member of the Information Card Foundation (ICF), which aims encourage interoperability in business around electronic ID card standards. For more information on the ICF, visit WSO2 also has joined the OpenID Foundation, which seeks to help promote, protect and enable the OpenID technologies and community, and counts Google, IBM, Microsoft, VeriSign and Yahoo! among its members. To learn more about the OpenID Foundation, visit

Availability and Support

The WSO2 Identity Solution 1.5 is available for download today. As a fully open source solution released under the Apache License 2.0, the WSO2 Identity Solution does not carry any software licensing fees. WSO2 offers a range of service and support options for the WSO2 Identity Solution. These include support subscriptions, training, consulting, custom development and development support. For information on service and support packages, visit