Entr'ouvert Entr'ouvert Documentation

Lasso & Liberty Alliance Overview

Lasso is a library which provides all the necessary functions for sites to implement Liberty Alliance specifications. It defines processes for federated identities, single sign-on and related protocols.

Founded in 2001 by Sun in order to propose an alternative to the Microsoft Passport project, the consortium Liberty Alliance aims to promote an infrastructure of standards allowing the management of federated identities between several services or systems.

A federated identity (or network identity) of an individual or a legal entity on Internet gather at the same time:

  • Its identification (name, co-ordinates, preferences, history...);
  • Its authentication (which guarantees the validity of an identity);
  • Its authorisations (access rights to information, access rights to services).

Liberty standards aims to give more coherence to a network identity which is scattered (numerous logins and passwords) today. This identity becomes frequently delicate to manage, both for customers and businesses.

The Liberty Alliance specifications define three types of actors:

  • The user, person or entity who can acquire an identity;
  • The identity provider which creates and manages the identity of the users, and authenticates them to the service providers;
  • The service provider who provides services to the users once that they have authenticated to an identity provider.

One calls circle of trust a grouping of identity providers and service providers which agreed to share (to federate) the identity of their users.

Contrary to most other implementations of Liberty Alliance, Lasso is not a full-fedged system but a simple C library, with complete bindings for Java, Perl, PHP and Python. The integration work should largely be facilitated. An existing site should be able to integrate it in a few days of development, without calling into question its architecture. Lasso is a library written in C Language.

Lasso is built on top of libxml2, XMLSec and OpenSSL and is licensed under the GNU General Public License (with an OpenSSL exception).