Identity and Access Management

Federated Identity & Authorization Management

Safe Society Labs provides a dedicated expertise and technology solution for single sign-on (SSO) and authorisation for federated service provisioning models. The federated identity and authorization solution is based on the SAML standard with support for various types user authentication mechanisms based on username/password and X.509 certificates. The certificate-based authentication and authorization supports several Spain national level certificates, among those  FNMT certificates and DNIe.

A customised version of the federated identity and authorization management solution can be provided on demand along with a demo on its functionality and technical specification. High-level architecture and functionality can be found here (in Spanish).

Negotiation-based Authorization Service

S2Labs offers an advanced, certificate-based access control service, called iAccess.

iAccess is an authorisation service based on automated trust establishment methodology. An iAccess client interacts with an iAccess service to get authorisation to access resources. iAccess implements a negotiation protocol based on which an automated negotiation process is established between the iAccess client and the iAccess service. The access control model behind iAccess guarantees minimum necessary credential exchange to negotiate access to resources, and protection of sensitive credential data from undesired/unintended disclosure.

iAccess provides a suitable authorisation solution and technology for an open service provisioning environment with potentially unknown entities and higher level requirement of access control protection.

Identity and Access Management

S2Labs provides an open-source version of iAccess available at:

The iAccess service can be customised to various service-oriented architectures and cloud computing environments. S2Labs has developed a customised version of iAccess, wrapped within a security proxy component, and deployed within a software platform called OKKAM Entity Name System.

The ENS platform is available at