Vocational blog: IdentityMeme.org
Avocational blog: EclecticReflections.com
See also: Kings Mountain Systems, and An LDAP Roadmap & FAQ
This Internet Beachhead established 1994
Last Updated or otherwise repaired: 15-Dec-2006
Disclaimer: This is my personal homepage. I'm not speaking here for
NeuStar or Stanford. Plus various portions of these pages may be woefully
out-of-date. Caveat emptor.
Table of Contents...
Work Topics...
I'm presently on NeuStar's Liberty
Alliance Project team (see below for bibliography of selected specifications
I've co-authored). Also, I am a past co-chair of, and remain a contributor to,
the OASIS Security
Services Technical Committee (SSTC), which is developing the Security
Assertion Markup Language (SAML).
Stanford work topics included...
Vocational Affiliations...
- A couple'o orgs I used to hang around a little bit
when I worked at Stanford..
Selected Works in Progress...
- Co-authoring a specification composing SAMLv2
and SIP
Identity in order to meet requirements for "Trait-based
Authorization Requirements for the Session Initiation Protocol (SIP)":
- SIP
SAML Profile and Binding, H. Tschofenig, J. Hodges, J. Peterson,
J. Polk, D. Sicker, Internet-Draft, work-in-progress, draft-ietf-sip-saml-00.txt,
June 16, 2006.
- Defining a new, additional SAML
binding that does not itself depend upon
the XML Digital
Signature specification (XMLdsig),
and a new SAML Lightweight Web Browser SSO profile which makes use of the
aforementioned binding:
- SAMLv2:
HTTP POST “SimpleSign” Binding, Jeff Hodges, Scott
Cantor, working draft, OASIS SSTC, 29 Sep 2006, draft-hodges-saml-binding-simplesign-02.
This binding employs a "sign the blob" approach
to signing SAML messages (and thus contained assertions), thus enabling
simplified, "lightweight" profiles. Note that conveyed SAML
assertions or SAML protocol messages may or may not themselves be signed
via XMLdsig.
- SAMLv2
Lightweight Web Browser SSO Profile, Jeff Hodges, Scott Cantor,
INTERNET-DRAFT, 19 June 2006, work in progress, draft-hodges-saml-lsso-00.txt.
- Writing a brief guide on how
to go about "Learning SAML". The target audience is other protocol
designers and/or protocol implementors.
- Now, if you're really bored, or simply innarested in LDAP-and-security-thereof
esoterica, be sure to stop by my Works
Perpetually In Progress page (heh heh)
Talks...
Selected Papers & Documents & Patents...
(though, it's important to remember that many documents, and explicitly
most RFCs, are simply published works-in-progress. See RFC2026.
In terms of Patents, I regard the ones below as simply yet more publications.)
- Using
SAML to protect the session initiation protocol (SIP). H. Tschofenig,
R. Falk, J. Peterson, J. Hodges, D. Sicker, J. Polk. IEEE Network, Sept.-Oct.
2006, Volume 20, Issue 5, pp. 14-17, ISSN: 0890-8044.
- Liberty
Technical Glossary, Version 2.0. J. Hodges, et al. Liberty Alliance
Project, 2006.
This spec, and the three following ones, are a portion of
the spec set defining the Liberty ID-WSF
v2 protocol suite. Additionally, I contributed to six other specs
in the spec set.
- Liberty
ID-WSF Authentication, Single Sign-On, and Identity Mapping Services Specification,
Version 2.0. J. Hodges, R. Aarts, P. Madsen, S. Cantor, et al. Liberty Alliance
Project, 2006.
This spec defines an approach to using the SASL
protocol design pattern, in the ID-WSF
v2 protocol suite context, to effect an authentication protocol.
Additionally, it specifies an SSO Service and an Identity Mapping
Service. It is an evolution of the ID-WSF v1.1 version, cited below.
- Liberty
ID-WSF Discovery Service Specification, Version 2.0. J. Hodges, C.
Cahill, et al. Liberty Alliance Project, 2006.
This spec defines a simple service discovery protocol for
the ID-WSF
v2 protocol suite, and is an evolution of the ID-WSF v1.1 version.
Its data model and on-the-wire representation leverages WS-Addressing
"Endpoint References".
- Liberty
ID-WSF SOAP Binding Specification, Version 2.0. J. Hodges, J. Kemp,
R. Aarts, G. Whitehead, P. Madsen, et al. Liberty Alliance Project, 2006.
This spec defines how ordinary ID-WSF
messages are bound to SOAPv1.1
messages, as well as the ID-WSF SOAP header blocks effecting the "framework"
portion of the "identity web services framework".
- SAML
V2.0 Executive Overview, Paul Madsen (ed.), Eve Maler, (ed.), Thomas
Wisniewski, Tony Nadalin, Scott Cantor, Jeff Hodges, Prateek Mishra, OASIS
SSTC Committee Draft, 12 April 2005.
- Profiles
for the OASIS Security Assertion Markup Language (SAML) V2.0, John
Hughes, Scott Cantor, Jeff Hodges, Frederick Hirsch, Prateek Mishra, Rob Philpott,
Eve Maler (eds.), OASIS Standard, 15 March 2005.
This spec, and the Glossary cited immediately below, are part
of the SAMLv2
specification set, to which I made various contributions in addition
to co-editing these two specs. Additionally, I co-edited several of the SAMLv1.0
and SAMLv1.1
specifications.
- Glossary
for the OASIS Security Assertion Markup Language (SAML) V2.0, Jeff
Hodges, Rob Philpott, Eve Maler (eds.), OASIS Standard, 15 March 2005.
- application/samlassertion+xml
MIME Media Type Registration, Jeff Hodges; Approved by IESG
and registered with IANA on 15 December
2004.
This MIME Media Type Registration, and the one cited immediately
below, were the first ones performed in the so-called "standards
tree" via the new "fast track" registration process (for MIME
Media Types defined by SDOs other than the IETF) wherein publication of an
RFC describing the new MIME Media Type being registered is not required. See
RFC 4288. I authored the
registration statements in collaboration with other SSTC
members.
- application/samlmetadata+xml
MIME Media Type Registration, Jeff Hodges; Approved by IESG
and registered with IANA on 15 December
2004.
- Liberty
ID-WSF Security and Privacy Overview, Version 1.0. S. Landau et al.,
2003.
- Liberty
v1.1: Architecture Overview. J. Hodges, T. Wason, 15-Jan-2003.
- Liberty
v1.0: Architecture Overview. J. Hodges, editor/co-author, July 2002.
- A
Brief Introduction to Liberty. Susan Landau and Jeff Hodges, Sun
Labs Technical Report TR-2002-113, 16 August 2002.
- Risks Presented
by Single Sign-On Architectures. Gary Ellison, Jeff Hodges, and Susan
Landau, 18 October 2002. (.pdf,
.ps)
This document gives a simple and brief treatment of the risks
presented by single sign-on architectures, and is intended for not-terribly-technical
audiences.
- Security
and Privacy Concerns of Internet Single Sign-On. Gary Ellison, Jeff
Hodges, Susan Landau, 6 September 2002. (.pdf,
.ps)
This is a modestly detailed survey, painted in the context
of Liberty ID-FF (nee Lib v1.x).
- LDAPv3: Technical
Specification. J. Hodges, RL "Bob" Morgan. RFC
3377, September 2002.
Definition of LDAPv3 in terms of which RFCs it consists of,
and addressing the "IESG Note" gracing RFCs 2251 through 2256.
- Authentication Methods
for LDAP. M. Wahl, H. Alvestrand, J. Hodges, R.L. Morgan. RFC 2829,
May 2000.
- Shared
Books: Collaborative Publication Management for an Office Information System,
Brian T. Lewis, Jeffrey D. Hodges, ACM Conference on Office Information Systems,
March 1988, Palo Alto, California. ACM 0-89791-261-6/88/0003/0197 (1MB .pdf)
- Updating
local copy of shared data in a collaborative system. Sara A. Bly,
Jeffery D. Hodges, Michael D. Kupfer, Brian T. Lewis, Michael L. Tallan, Stephen
B. Tom, US05220657, 06/15/1993.