Lasso Reference Manual for Lasso &version;

The latest version of this documentation can be found on-line at http://lasso.entrouvert.org/documentation/index.html.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

2004, 2005, 2006, 2007, 2008, 2009 Entr'ouvert

Lasso & Liberty Alliance

Overview

Lasso is a library which provides all the functions a site needs to implement the Liberty Alliance specifications. It defines processes for federated identities, single sign-on and related protocols.

Founded in 2001 by Sun in order to propose an alternative to the Microsoft Passport project, the Liberty Alliance consortium aims to promote an infrastructure of standards allowing the management of federated identities between several services or systems. A federated identity (or network identity) of an individual or a legal entity on the Internet gathers at the same time:

Its identification (name, contact details, preferences, history...);
Its authentication (which guarantees the validity of an identity);
Its authorisations (access rights to information, access rights to services).

Liberty standards aim to give more coherence to a network identity which today is scattered (numerous logins and passwords). This identity frequently becomes delicate to manage, both for customers and businesses.

The Liberty Alliance specifications define three types of actors:

The user, person or entity who can acquire an identity;
The identity provider, which creates and manages the identity of the users, and authenticates them to the service providers;
The service provider, which provides services to the users once they have authenticated to an identity provider.

A grouping of identity providers and service providers which have agreed to share (to federate) the identity of their users is called a circle of trust.
Contrary to most other implementations of Liberty Alliance, Lasso is not a full-fledged system but a simple C library, with complete bindings for Java, Perl, PHP and Python. This should largely facilitate integration work: an existing site should be able to integrate it in a few days of development, without calling its architecture into question.

Lasso is a library written in the C language. Lasso is built on top of libxml2, XMLSec and OpenSSL and is licensed under the GNU General Public License (with an OpenSSL exception).

Lasso Architecture

Lasso handles the concepts of providers sharing identities, which enables the creation of sessions following an authentication. The current provider is represented by the LassoServer object, which inherits from LassoProvider. All providers known to the current provider must be registered inside the LassoServer object. Some providers are identity providers; by sending an authentication request you can establish a federation, materialised by a LassoFederation object, between an identity stored by the identity provider and another stored by the current provider. Those federations are stored in the LassoIdentity object. Each time an authentication is done, an assertion representing it is stored in the LassoSession object. Assertions are stored in a map, keyed by the originating identity provider; see lasso_session_get_assertion().

Protocols from the ID-FF 1.2 or the SAML 2.0 family are represented by objects whose classes inherit from LassoProfile. The constructor of those profile objects needs a LassoServer, and optionally a LassoIdentity and a LassoSession.

LassoNode is the base class for all Lasso classes; it gives XML serialization and deserialization support to all of them. The LassoMiscTextNode allows representing miscellaneous nodes for which no mapping to a specific GObjectClass exists.
Identity Federation Framework - ID-FF 1.2 profiles
Objects from ID-FF 1.2 schemas
SAML 2.0
Single Sign On profiles

The LassoLogin and LassoLogout profiles are shared between SAML 2.0 and ID-FF 1.2; depending on the declared protocol support, Lasso will create requests respecting the chosen standard. Beware that the initialization of the LassoLogin object, after construction, differs between the two stacks of profiles. The LassoNameIdManagement profile replaces the nearly equivalent LassoDefederation profile from ID-FF 1.2.

Objects from SAML 2.0 schemas
Identity Web Services Framework 1.0
Objects from ID-WSF 1.0 schemas
ID-WSF 2.0
Objects from ID-WSF 2.0 schemas
Objects from the SOAP 1.1 schemas
Objects from the XML-DSIG schemas
Objects from the WS-* schemas