The term identity-based web service in this context means web services that act on behalf of a user or are personalized with the user's data in contrast to normal web services which do not execute in the context of a particular user.
Denmark took a buffet (dare I say smorgasborg?) approach - picking and choosing from available specs and profiling them as necessary, defining:
- OIO WS-Trust Profile
- OIO WS-Trust Deployment Profile
- Liberty Basic SOAP Binding
- OIO Bootstrap Token Profile
- OIO SAML Profile for Identity Tokens
I do wonder why the discussion of the identity-based model (ie where the identity of the user is captured in a security token within the web services call) doesn't contrast this model with the so-called 'password anti-pattern'? Presumably its not the scourge in eGovernment applications that it is in Web 2.0.