OIO Identity-based Web Services

OIO Identity-based Web Services (in short OIOIDWS) is a set of profiles for SOAP based web services developed by the Danish National IT and Telecom Agency and approved by the OIO Committee 1st October 2009. The profiles offer a standardized way to transfer claims about a subject (user) to a service provider.

The profiles attached to this ressource are based on international standards from OASIS and Liberty Alliance.

Besides the profiles a scenario document is attached as well, illustrating how the profiles can be used in different scenarios.

As a teaser the figure below illustrates how the different profiles are used in a scenario where a user logs onto a service provider via the Web Single Sign On (OIOSAML). Following that the service provider sends a request to another web service provider on behalf of the user who is logged on.

Please refer to the scenario document and the profiles attached for additional information.


1.0.1 Minor updates to OIO Bootstrap Token Profile with more scenarios and OIO WS-Trust Profile to clarify that the element is defined under WS-Trust 1.4 namespace whereas all other WS-Trust elements are defined in the 1.3 namespace.

No normative requirements changed.

Filer og referencer

Titel Type
OIO SAML Profile for Identity Tokens v1.0.pdf pdf
OIO WS-Trust Deployment Profile v1.0.pdf pdf
Liberty-Basic-SOAP-Binding-1.0_Final.pdf pdf
Internal Link Intern reference
OIO Bootstrap Token Profile v1 0 1.pdf pdf
OIO WS-Trust Profile v1 0 1.pdf pdf
OIO IDWS Scenarios 1.1.pdf pdf
OIO IDWS REST profile (draft 3).pdf pdf
OIO IDWS REST profile V1_0.pdf pdf

OIO IDWS Profile updated from draft 3 to version 1.0

Thomas Gundel

Two minor things have been updated:

  • Token type returned by the Authorization Server uses capital letters (i.e. "Bearer" instead of "bearer")
  • WWW-Authenticate errors from the Authorization server now include a token type keyword (i.e. WWW-Authenticate: Holder-of-key error="invalid_token", error_description="Access token is invalid or expired")

OIO IDWS REST Profile (draft 3 ) published

Thomas Gundel

A new draft for a REST profile has just been published.

The purpose is to define a web service profile based on REST, where the client is authorized using a SAML Identity Token. The profile is designed to cover similar use cases as the Liberty Basic SOAP Binding [LIB-SOAP] with an equivalent level of security.

The profile has been chosen as a common specification in "Grunddataprogrammet".