OpenSAML is a portable implementation of the Security Assertion Markup Language (SAML) standard for the formation and exchange of authentication, attribute, and authorization data using XML, as defined by OASIS. There are interfaces for a range of languages, including C++ and Java.
iExploder is like a fire hydrant full of bad HTML and CSS code to test the stability and security of Web browsers. It is available as a standalone Web server or CGI script. It continuously feeds browsers bad data in the hope that they will eventually crash. It is designed to run for hours, or even days until the browser crashes.
The Enterprise Sign On Engine (ESOE) allows an enterprise to meet its goals for identity management, single sign on, authorization, federation, and accountability for resource access in a very extensible manner. The ESOE is built using the OASIS SAML 2.0 specification, and the ESOE's powerful authorization engine is built around a reduced version of the OASIS XACML 2.0 standard called Lightweight eXtensible Authorization Control Markup Language or "LXACML".
Jumblar is a tool that converts map coordinates into passwords. It hopes to provide increased user security by assuming that it is easier for people to remember a secret location than a strong password, and that a location that could be anywhere in the world is practically impossible for others to guess. By using this property of secret locations, secure passwords can be generated. SCrypt is used to protect user information.
Shibboleth is a standards-based middleware software package providing Web single-sign-on across or within organizational boundaries. It implements standards such as OASIS' SAML to provide a federated single-sign-on and attribute exchange framework. It also provides extended privacy functionality, allowing the browser user and their home site to control the attributes released to each application.
GridShib is a glue layer that transparently binds a grid service provider such as the Globus Toolkit to a role-based authentication and access control system such as Shibboleth, so as to provide fine-grained access controls to members of virtual and physical organizations within a grid without having to distribute and synchronize information about individual users between those organizations.
Keyczar is a cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. It supports authentication and encryption with both symmetric and asymmetric keys. Cryptography is easy to get wrong. Developers can choose improper cipher modes, use obsolete algorithms, compose primitives in an unsafe manner, or fail to anticipate the need for key rotation. Keyczar abstracts some of these details by choosing safe defaults, automatically tagging outputs with key version information, and providing a simple programming interface.