OpenSAML is a portable implementation of the Security Assertion Markup Language (SAML) standard for the formation and exchange of authentication, attribute, and authorization data using XML, as defined by OASIS. There are interfaces for a range of languages, including C++ and Java.
Shibboleth is a standards-based middleware software package providing Web single-sign-on across or within organizational boundaries. It implements standards such as OASIS' SAML to provide a federated single-sign-on and attribute exchange framework. It also provides extended privacy functionality, allowing the browser user and their home site to control the attributes released to each application.
The Enterprise Sign On Engine (ESOE) allows an enterprise to meet its goals for identity management, single sign on, authorization, federation, and accountability for resource access in a very extensible manner. The ESOE is built using the OASIS SAML 2.0 specification, and the ESOE's powerful authorization engine is built around a reduced version of the OASIS XACML 2.0 standard called Lightweight eXtensible Authorization Control Markup Language or "LXACML".
Sleutel is a multi-platform password manager that is written using the Eclipse Rich Client Platform (RCP). Its goal is to manage password/ID pairs for accessing Web sites and to provide an example RCP application. It features configurable password generation, labeling of password entries (a la GMail), an intuitive UI following the Eclipse model, merge capabilities, and the ability to track usage count and dates of password entries. Sleutel is the Dutch word for key.
GridShib is a glue layer that transparently binds a grid service provider such as the Globus Toolkit to a role-based authentication and access control system such as Shibboleth, so as to provide fine-grained access controls to members of virtual and physical organizations within a grid without having to distribute and synchronize information about individual users between those organizations.
Keyczar is a cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. It supports authentication and encryption with both symmetric and asymmetric keys. Cryptography is easy to get wrong. Developers can choose improper cipher modes, use obsolete algorithms, compose primitives in an unsafe manner, or fail to anticipate the need for key rotation. Keyczar abstracts some of these details by choosing safe defaults, automatically tagging outputs with key version information, and providing a simple programming interface.