Introduction to SAML. Jason Rouault Section Architect Internet Security Solutions Lab Hewlett-Packard. An XML based Security Assertion Markup Language
1 Introduction to SAML
An XML-based Security Assertion Markup Language
Jason Rouault, Section Architect, Internet Security Solutions Lab, Hewlett-Packard
1/18/2002

2 Credits and Acknowledgements
- Eve Maler, Sun Microsystems: author of the original presentation, "SAML Basics"
- Prateek Mishra, Netegrity
- Bob Morgan, University of Washington

3 Agenda
- Problem Space
- SAML Concepts
- Scenario Walk Through
- Status of SAML and Related Standards Efforts
A lot to cover in 45 minutes!

4 Agenda
- Problem Space
  - Why invent SAML at all?
- SAML Concepts
- Scenario Walk Through
- Status of SAML and Related Standards Efforts

5 The Problems SAML Tries to Solve
- Increasing trend toward inter-organizational distributed computing
- Many standards have emerged to facilitate this trend (ebXML, UDDI, WSDL, SOAP), yet there is no standard way to convey security attributes associated with the various inter-organizational interactions
- Permissions management data is shared in mostly proprietary ways
- Integrating new security features may require developing a lot of new code (expensive and time-consuming)
- The different systems that generate and use security data are very tightly coupled
- Web-based applications show the need for more federation
- We need to cross domains more easily

6 Example Scenarios
1. Authenticated users of Company.com need access to protected resources at Travel.com in order to make travel arrangements.
   - Company.com users should not have to re-authenticate to Travel.com
2. Authenticated users of Company.com use an internal purchasing system to place orders for office supplies from Supplier.com.
   - Supplier.com needs to know the user and shipping address
   - Supplier.com may also need to know if the user is authorized for the purchase

7 SAML Use Cases In More Detail
- SAML developed three use cases to drive its requirements:
  - Single sign-on (SSO)
  - Authorization service
  - Back office transaction
- Each use case has one or more scenarios that provide a more detailed roadmap of interaction

8 SSO Use Case Adaptation
[Diagram labels: Web User; Company.com, Source Web Site, Security Domain 1; Travel.com, Destination Web Site, Security Domain 2]
1. Authenticate
2. Access to Resource

9 Authorization Service Use Case Adaptation
[Diagram labels: Web User; Security Domain 1; Policy Enforcement Point; Policy Decision Point; Company.com]
1. Access Resource
2. Check Permission

10 Back Office Transaction Use Case Adaptation
[Diagram labels: Web User; Company.com, Source Web Site, Security Domain 1; Supplier.com, Destination Web Site, Security Domain 2]
1. Authenticate and Place Order
2. Transaction

11 What's Needed
- A standard XML message format
  - It's just data traveling on any wire
  - No particular API mandated
  - Lots of XML tools available
- A standard message exchange protocol
  - Clarity in orchestrating how you ask for and get the information you need
- Rules for how the messages ride on and in transport protocols
  - For better interoperability

12 Agenda
- Problem Space
- SAML Concepts
  - SAML Overview
  - SAML Assertions
  - Producers and Consumers of Assertions
  - Message Exchange Protocol
  - Bindings and Profiles
- Scenario Walk Through
- Status of SAML and Related Standards Efforts

13 SAML Overview
- XML-based security specification for exchanging authentication and authorization information
  - XML schema and definition for security assertions
  - XML schema and definition for a request/response protocol
  - Rules on using assertions with standard transport and messaging frameworks (bindings and profiles)
- It's an emerging OASIS standard
  - Vendors and users are involved
- Codifies current system outputs rather than inventing new technology

15 SAML Assertions
- An assertion is a declaration of facts (statements) about a subject, according to some assertion issuer (SAML Authority)
- An assertion may contain multiple assertion statements
- SAML has three kinds of assertion statements, all related to security:
  1. Authentication
  2. Attribute
  3. Authorization Decision
- You can extend SAML to make your own kinds of assertions
- Assertions can be digitally signed

16 Information Common to All Assertions
- Issuer and issuance timestamp
- Assertion ID
- Subject
  - Name plus the security domain
  - Optional subject confirmation, e.g. public key
- Conditions under which assertion is valid
  - SAML clients must reject assertions containing unsupported conditions
  - Special kind of conditions: assertion validity period, audience restriction, and target restriction
- Additional advice
  - E.g., to explain how the assertion was made

17 Authentication Assertion
- An issuing authority asserts that: subject S was authenticated by means M at time T
- Actually checking or revoking of credentials is not in scope for SAML 1.0
  - Password exchange
  - Challenge-response
  - Etc.
- It merely lets you link back to acts of authentication that took place previously

18 Example Authentication Assertion
    <saml:Assertion MajorVersion="1" MinorVersion="0"
        AssertionID="..." Issuer="Company.com"
        IssueInstant="...T10:02:00Z">
      <saml:Conditions NotBefore="...T10:02:00Z" NotAfter="...T10:07:00Z" />
      <saml:AuthenticationStatement AuthenticationMethod="password"
          AuthenticationInstant="...T10:02:00Z">
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="Company.com" Name="joeuser" />
        </saml:Subject>
      </saml:AuthenticationStatement>
    </saml:Assertion>

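How a relying party might apply the rules from slides 16 to 18 before acting on an authentication assertion; this is an added example, not code from the presentation. The namespace URI, the `AudienceRestrictionCondition`/`Audience` element names, the sample dates and the assertion ID are assumptions constructed for the example, and signature verification is outside it.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Assumption: placeholder namespace URI; the slides do not show the real one.
SAML_NS = "urn:example:saml-draft"
NS = {"saml": SAML_NS}
# Assumption: element name for the audience restriction; the slides name only the concept.
SUPPORTED_CONDITIONS = {f"{{{SAML_NS}}}AudienceRestrictionCondition"}

# Constructed sample in the shape of slide 18 (dates and AssertionID are made up).
SAMPLE = """<saml:Assertion xmlns:saml="urn:example:saml-draft"
    MajorVersion="1" MinorVersion="0" AssertionID="constructed-id-1"
    Issuer="Company.com" IssueInstant="2002-01-18T10:02:00Z">
  <saml:Conditions NotBefore="2002-01-18T10:02:00Z" NotAfter="2002-01-18T10:07:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>Travel.com</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement AuthenticationMethod="password"
      AuthenticationInstant="2002-01-18T10:02:00Z">
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="Company.com" Name="joeuser" />
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


class AssertionRejected(Exception):
    """Raised when the relying party must not act on the assertion."""


def parse_instant(value):
    """Parse a UTC timestamp such as 2002-01-18T10:02:00Z."""
    if value is None:
        raise AssertionRejected("missing validity timestamp")
    try:
        parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError as exc:
        raise AssertionRejected(f"bad timestamp {value!r}") from exc
    return parsed.replace(tzinfo=timezone.utc)


def check_assertion(xml_text, now, trusted_issuers, my_audience, skew=timedelta(0)):
    """Return the authenticated subject as a dict, or raise AssertionRejected.

    The XML Signature over the assertion has to verify before any field read
    here can be trusted; that step is not part of this example.
    """
    if "<!DOCTYPE" in xml_text:
        raise AssertionRejected("DTDs are not accepted in assertions")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise AssertionRejected("not well-formed XML") from exc
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise AssertionRejected("root element is not an assertion")
    if root.get("MajorVersion") != "1":
        raise AssertionRejected("unsupported major version")
    if root.get("Issuer") not in trusted_issuers:
        raise AssertionRejected("issuer is not trusted")

    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        # Local policy assumed here: no validity window, no acceptance.
        raise AssertionRejected("no validity conditions")
    not_before = parse_instant(conditions.get("NotBefore"))
    not_after = parse_instant(conditions.get("NotAfter"))
    if now < not_before - skew:
        raise AssertionRejected("assertion is not yet valid")
    if now > not_after + skew:
        raise AssertionRejected("assertion has expired")

    for condition in conditions:
        if condition.tag not in SUPPORTED_CONDITIONS:
            # Slide 16: clients must reject assertions with unsupported conditions.
            raise AssertionRejected(f"unsupported condition {condition.tag}")
        audiences = {(a.text or "").strip() for a in condition.findall("saml:Audience", NS)}
        if my_audience not in audiences:
            raise AssertionRejected("assertion was issued for another audience")

    statement = root.find("saml:AuthenticationStatement", NS)
    name_id = None
    if statement is not None:
        name_id = statement.find("saml:Subject/saml:NameIdentifier", NS)
    if name_id is None or not name_id.get("Name"):
        raise AssertionRejected("no authenticated subject")
    return {
        "issuer": root.get("Issuer"),
        "domain": name_id.get("SecurityDomain"),
        "name": name_id.get("Name"),
        "method": statement.get("AuthenticationMethod"),
    }
```
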
19 Attribute Assertion
- An issuing authority asserts that: subject S is associated with attributes A, B, with values a, b, c
- Typically this would be retrieved from a data repository of user information
- joeuser in Company.com is associated with attribute Department with value Engineering

20 Example Attribute Assertion
    <saml:Assertion ...>
      <saml:Conditions ... />
      <saml:AttributeStatement>
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="Company.com" Name="joeuser" />
        </saml:Subject>
        <saml:Attribute>
          <saml:AttributeDesignator AttributeName="Department"
              AttributeNamespace="..." />
          <saml:AttributeValue>Engineering</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>

21 Authorization Decision Assertion
- An issuing authority decides whether to grant the request: by subject S, for access type A, to resource R, given evidence E
- Again, the subject could be a human or a program
- The resource could be a web page or a web service, for example

22 Example Authorization Decision Assertion
    <saml:Assertion ...>
      <saml:Conditions ... />
      <saml:AuthorizationDecisionStatement Decision="Permit" Resource="...">
        <saml:Actions Namespace="...">
          <saml:Action>execute</saml:Action>
        </saml:Actions>
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="Company.com" Name="joeuser" />
        </saml:Subject>
      </saml:AuthorizationDecisionStatement>
    </saml:Assertion>

24 SAML Producer-Consumer Model
[Diagram labels: Policy (three times); Credentials Collector; Authentication Authority; Attribute Authority; Policy Decision Point; SAML: Authentication Assertion, Attribute Assertion, Authorization Decision Assertion; System Entity; Application Request; Policy Enforcement Point]

25 This Model is Conceptual Only
- In practice, multiple kinds of authorities may reside in a single software system
  - SAML allows, but doesn't require, total federation of these jobs
- Also, the arrows may not reflect information flow in real life
  - Information can be pulled or pushed
  - Not all assertions are always produced
  - Not all potential consumers (clients) are shown

27 SAML Protocol for Getting Assertions
[Diagram labels: Relying Party; Asserting Party; SAML; Assertion Request; Assertion Response; Assertion]

28 Assertions are Normally Provided in a SAML Response
- Existing tightly coupled environments may need to use their own protocol
  - They can use assertions without the rest of the structure
- The full benefit of SAML will be realized where parties with no direct knowledge of each other can interact
  - Via a third-party introduction

29 Authentication Assertion Request
- "What authentication assertions are available for this subject?"
- A successful response is in the form of an assertion containing an authentication statement
- It is assumed that the requester and responder have a trust relationship
  - They are talking about the same subject
  - The response with the assertion is a letter of introduction for the subject

30 Example Authentication Assertion Request
    <samlp:Request MajorVersion="1" MinorVersion="0" RequestID="...">
      <samlp:AuthenticationQuery>
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="Company.com" Name="joeuser" />
        </saml:Subject>
      </samlp:AuthenticationQuery>
    </samlp:Request>

31 Attribute Assertion Request
- "Return the requested attributes for this subject"
- The response is in the form of an assertion containing an attribute statement
- If the requester is denied access to some of the attributes, there are options for what gets returned
  - Only the partial list of accessible attributes
  - Either all of the attributes requested, or none

32 Example Attribute Assertion Request
    <samlp:Request ...>
      <samlp:AttributeQuery>
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="Company.com" Name="joeuser" />
        </saml:Subject>
        <saml:AttributeDesignator AttributeName="Department"
            AttributeNamespace="...">
        </saml:AttributeDesignator>
      </samlp:AttributeQuery>
    </samlp:Request>

33 Authorization Decision Assertion Request
- "Is this subject allowed to access the specified resource in the specified manner, given this evidence?"
- The response will be in the form of an assertion containing an authorization decision statement

34 Example Authorization Decision Assertion Request
    <samlp:Request ...>
      <samlp:AuthorizationDecisionQuery Resource="...">
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="Company.com" Name="joeuser" />
        </saml:Subject>
        <saml:Actions Namespace="...">
          <saml:Action>execute</saml:Action>
        </saml:Actions>
        <saml:Evidence>
          <saml:Assertion> some assertion </saml:Assertion>
        </saml:Evidence>
      </samlp:AuthorizationDecisionQuery>
    </samlp:Request>

35 Example Response
    <samlp:Response MajorVersion="1" MinorVersion="0"
        ResponseID="..." InResponseTo="...">
      <samlp:Status>
        <samlp:StatusCode Value="Success" />
        <samlp:StatusMessage>some message</samlp:StatusMessage>
      </samlp:Status>
      <saml:Assertion MajorVersion="1" MinorVersion="0"
          AssertionID="..." Issuer="Company.com">
        <saml:Conditions NotBefore="...T10:00:00Z" NotAfter="...T10:05:00Z" />
        <saml:AuthenticationStatement>...</saml:AuthenticationStatement>
      </saml:Assertion>
    </samlp:Response>

37 Protocol Binding and Profile Concepts
- This is where SAML itself gets made secure
- A binding is the mapping of SAML request/response message exchanges into standard communication protocols
  - SOAP-over-HTTP binding is a baseline
  - Other bindings will follow, e.g., raw HTTP
- A profile describes how SAML assertions are embedded into and extracted from a framework or protocol
  - Web browser profile for SSO
  - SOAP profile for securing SOAP payloads

38 The SOAP-over-HTTP Binding
[Diagram labels: SOAP Message; SOAP Header; SOAP Body; SAML Request or Response]
- Here we just use SOAP as the SAML request/response protocol transport mechanism

39 By Contrast, the SOAP Profile
[Diagram labels: SOAP Message; SOAP Header; SAML Assertion about SOAP Body; SOAP Body]
- Here SAML is used to provide assertions about a resource in the SOAP Body of the same document

40 Web Browser Profiles
- These profiles assume:
  - A standard commercial browser and HTTP(S)
  - User has authenticated to a local source site
  - Assertion's subject refers implicitly to the user
- When a user tries to access a target site:
  - A tiny authentication assertion reference travels with the request so the real assertion can be de-referenced
  - Or a POST of the real assertion can occur

41 Agenda
- Problem Space
- SAML Concepts
- Scenario Walk Through
  - SSO Pull Using Web Browser Profile
  - Back Office Transaction Using SOAP Binding and SOAP Profile
- Status of SAML and related standards efforts

42 SSO Pull Scenario Using Web Browser
[Diagram labels: Joe User, Web User; Company.com, Authentication Authority + Attribute Authority, Source Web Site; Travel.com, Policy Decision Point + Policy Enforcement Point, Destination Web Site]
1. Authenticate (out of SAML scope)
2. Access inter-site transfer URL
3. Redirect with artifact
4. Get assertion consumer URL
5. Request referenced assertion
6. Supply referenced assertion
7. Provide or refuse destination resource (out of SAML scope)

43 More on the SSO Pull Scenario
- "Access inter-site transfer URL" step:
  - User has authenticated with:
  - Clicks on a link that looks like it will take the user to
  - It really takes the user to inter-site transfer URL:
- "Redirect with artifact" step:
  - Reference to user's authentication assertion is generated as a SAML artifact (8-byte base64 string)
  - User is redirected to assertion consumer URL, with artifact and target attached:

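A sketch of the source site's side of steps 3, 5 and 6 above, added here as an illustration and not taken from the presentation. It goes beyond the slides by assuming a short artifact lifetime, single use, and a destination identity already authenticated on the back channel; the class and function names are hypothetical.

```python
import base64
import secrets
import time


class ArtifactStore:
    """Source-site store mapping issued artifacts to assertions awaiting pickup."""

    def __init__(self, lifetime_seconds=60, clock=time.monotonic):
        self._lifetime = lifetime_seconds  # assumption: short, fixed lifetime
        self._clock = clock
        self._pending = {}  # artifact -> (assertion_xml, destination_site, expiry)

    def issue(self, assertion_xml, destination_site):
        """Step 3: mint the artifact that travels in the browser redirect."""
        self._purge()
        # 8 random bytes, base64-encoded, following the description on slide 43.
        artifact = base64.urlsafe_b64encode(secrets.token_bytes(8)).decode("ascii")
        expiry = self._clock() + self._lifetime
        self._pending[artifact] = (assertion_xml, destination_site, expiry)
        return artifact

    def redeem(self, artifact, requesting_site):
        """Steps 5 and 6: return the referenced assertion at most once.

        requesting_site is assumed to be the identity the back channel has
        already authenticated (for example by mutual TLS), not a value taken
        from the request body.
        """
        self._purge()
        # pop() removes the entry even when the checks below fail, so an
        # artifact presented by the wrong party cannot be tried again.
        entry = self._pending.pop(artifact, None)
        if entry is None:
            return None  # unknown, expired or already used
        assertion_xml, destination_site, _expiry = entry
        if requesting_site != destination_site:
            return None  # artifact was minted for a different destination
        return assertion_xml

    def _purge(self):
        """Drop expired entries so abandoned artifacts do not accumulate."""
        now = self._clock()
        for artifact in [a for a, e in self._pending.items() if e[2] <= now]:
            del self._pending[artifact]


def sso_pull_walkthrough():
    """Run the exchange with a fake clock; returns the outcome of each attempt."""
    fake_now = [0.0]
    store = ArtifactStore(lifetime_seconds=60, clock=lambda: fake_now[0])
    assertion = "<saml:Assertion>constructed sample</saml:Assertion>"

    first = store.issue(assertion, "Travel.com")
    outcomes = {
        "first_pickup": store.redeem(first, "Travel.com") == assertion,
        "replay": store.redeem(first, "Travel.com") is None,
    }
    second = store.issue(assertion, "Travel.com")
    outcomes["wrong_site"] = store.redeem(second, "Supplier.com") is None
    outcomes["after_wrong_site"] = store.redeem(second, "Travel.com") is None

    third = store.issue(assertion, "Travel.com")
    fake_now[0] = 61.0  # past the 60-second lifetime
    outcomes["expired"] = store.redeem(third, "Travel.com") is None
    return outcomes
```
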
45 Back Office Transaction Scenario
[Diagram labels: Joe User, Web User; Company.com, Authentication Authority + Attribute Authority, Source Site; Supplier.com, Policy Decision Point + Policy Enforcement Point, Destination Site]
1. Authenticate (out of SAML Scope)
2. Submit Purchase Order
3. Obtain Authentication and Attribute assertions
4. Send P.O. with attached assertions
5. Process assertions and P.O.
6. Send P.O. response (out of SAML Scope)

46 Another Back Office Transaction Scenario
[Diagram labels: Buyer; Trusted Issuer, Authentication Authority + Attribute Authority; Seller, Policy Decision Point + Policy Enforcement Point]
1. Authenticate (out of SAML Scope)
2. Request Authentication and Attribute assertions
3. Receive Authentication and Attribute assertions
4. Attach assertions to P.O.
5. Send P.O.
6. Process assertions and P.O.
7. Send P.O. response (out of band)

47 Agenda
- Problem Space
- SAML Concepts
- Scenario Walk Through
- Status of SAML and Related Standards Efforts

48 SAML Status
- Work started on 9 January 2001
  - From a base of S2ML and AuthXML
- Beta specs are available as of January 2002
  - Core assertion and protocol specification
  - Bindings/profiles specification
  - Conformance specification
  - Security/privacy considerations specification
  - Glossary
- Implementations are starting to appear
  - JSAML Toolkit from Netegrity
  - JSR 155 (Java Community Process)

49 Important Efforts Related to SAML
- IETF/W3C XML Signature
  - Built into SAML for digitally signing assertions
- W3C XML Encryption and Canonicalization
  - Not quite ready yet, but encryption will be important
- XKMS and its relatives
  - An XML-based mechanism for doing PKI
  - SAML traffic might be secured by XKMS-based PKI, by other PKI, or by other means entirely

50 More Efforts Related to Security and Identity
- OASIS XACML
  - XML-based access control/policy language
  - Could be the way PDPs talk to back-end policy stores
- OASIS Provisioning
  - XML-based framework for user, resource, and service provisioning
- Liberty Alliance
  - Identity solution for SSO of consumers and businesses
- Internet2
  - Higher-ed effort to develop advanced network applications and technologies

51 Thank you
More informationServer based signature service. Overview
1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...
More informationAn SAML Based SSO Architecture for Secure Data Exchange between User and OSS
An SAML Based SSO Architecture for Secure Data Exchange between User and OSS Myungsoo Kang 1, Choong Seon Hong 1,Hee Jung Koo 1, Gil Haeng Lee 2 1 Department of Computer Engineering, Kyung Hee University
More informationLiberty Alliance. CSRF Review. .NET Passport Review. Kerberos Review. CPSC 328 Spring 2009
CSRF Review Liberty Alliance CPSC 328 Spring 2009 Quite similar, yet different from XSS Malicious script or link involved Exploits trust XSS - exploit user s trust in the site CSRF - exploit site s trust
More informationSAML Authentication Quick Start Guide
SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.
More informationCA Nimsoft Service Desk
CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationNIST s Guide to Secure Web Services
NIST s Guide to Secure Web Services Presented by Gaspar Modelo-Howard and Ratsameetip Wita Secure and Dependable Web Services National Institute of Standards and Technology. Special Publication 800-95:
More informationPARTNER INTEGRATION GUIDE. Edition 1.0
PARTNER INTEGRATION GUIDE Edition 1.0 Last Revised December 11, 2014 Overview This document provides standards and guidance for USAA partners when considering integration with USAA. It is an overview of
More informationTitle: A Client Middleware for Token-Based Unified Single Sign On to edugain
Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de
More informationE-Authentication Federation Adopted Schemes
E-Authentication Federation Adopted Schemes Version 1.0.0 Final May 4, 2007 Document History Status Release Date Comment Audience Template 0.0.0 1/18/06 Outline PMO Draft 0.0.1 1/19/07 Initial draft Internal
More informationIAM Application Integration Guide
IAM Application Integration Guide Date 03/02/2015 Version 0.1 DOCUMENT INFORMATIE Document Title IAM Application Integration Guide File Name IAM_Application_Integration_Guide_v0.1_SBO.docx Subject Document
More informationGateway Apps - Security Summary SECURITY SUMMARY
Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference
More informationInteroperable, Federated Identity Management Frameworks Across Enterprise Architectures. We can do this.
Interoperable, Federated Identity Management Frameworks Across Enterprise Architectures. We can do this. Scott McGrath COO Organization for the Advancement of Structured Information Standards A diverse
More informationIdentity Federation Management to make Operational and Business Efficiency through SSO
2012 International Conference on Industrial and Intelligent Information (ICIII 2012) IPCSIT vol.31 (2012) (2012) IACSIT Press, Singapore Identity Federation Management to make Operational and Business
More informationNEMSIS v3 Web Services Guide
NEMSIS TAC Whitepaper NEMSIS v3 Web Services Guide Date November 2, 2011 November 14, 2011 (FINAL) April 24, 2012 (Updated) May 09, 2012 (Updated) August 27, 2012 (updated) September 13, 2012 (updated)
More informationProfiles for the OASIS Security Assertion Markup Language (SAML) V2.0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0 OASIS Standard,
More informatione-filing Secure Web Service User Manual
e-filing Secure Web Service User Manual Page1 CONTENTS 1 BULK ITR... 6 2 BULK PAN VERIFICATION... 9 3 GET ITR-V BY TOKEN NUMBER... 13 4 GET ITR-V BY ACKNOWLEDGMENT NUMBER... 16 5 GET RETURN STATUS... 19
More informationSCUR203 Why Do We Need Security Standards?
SCUR203 Why Do We Need Security Standards? Cristina Buchholz Product Security, SAP Learning Objectives As a result of this workshop, you will be able to: Recognize the need for standardization Understand
More informationCloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper
Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper TABLE OF CONTENTS INTRODUCTION... 3 Where we came from... 3 The User s Dilemma with the Cloud... 4 The Administrator
More information17 March 2013 NIEM Web Services API Version 1.0 URI: http://reference.niem.gov/niem/specification/web-services-api/1.0/
17 March 2013 NIEM Web Serv vices API Version 1.0 URI: http://reference.niem.gov/niem/specification/web-services-api/1.0/ i Change History No. Date Reference: All, Page, Table, Figure, Paragraph A = Add.
More informationBUSINESS PROCESS AND EBXML - WEB SERVICES INTEGRATION PLATFORM, REQUIREMENTS, ARCHITECTURES, SECURITY
1 2 BUSINESS PROCESS AND EBXML - WEB SERVICES INTEGRATION PLATFORM, REQUIREMENTS, ARCHITECTURES, SECURITY 1 Carmen RĂDUŢ, 2 Maria STĂNILOIU 1 Universitatea Constantin Brâncoveanu PITEŞTI 2 Universitatea
More informationFederated Identity and Single Sign-On using CA API Gateway
WHITE PAPER DECEMBER 2014 Federated Identity and Single Sign-On using Federation for websites, Web services, APIs and the Cloud K. Scott Morrison VP Engineering and Chief Architect 2 WHITE PAPER: FEDERATED
More informationIBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide
IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices
More informationGlossary for the OASIS Security Assertion Markup Language (SAML) V2.0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0 Working Draft
More informationWeb Services Security with SOAP Security Proxies
Web Services Security with Security Proxies Gerald Brose, PhD Technical Product Manager Xtradyne Technologies AG OMG Web Services Workshop USA 22 April 2003, Philadelphia Web Services Security Risks! Exposure
More informationTrait-based Authorization Mechanisms for SIP Based on SAML
Trait-based Authorization Mechanisms for SIP Based on SAML Douglas C. Sicker, University of Colorado Boulder Hannes Tschofenig, Siemens Jon Peterson, Neustar Abstract - This paper presents a method for
More informationImplementation Guide SAP NetWeaver Identity Management Identity Provider
Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before
More informationINTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE
INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by
More informationRSA Secured Implementation Guide for VPN Products
RSA Secured Implementation Guide for VN roducts Last Modified August 27, 2004 1. artner Information artner Name Juniper Networks Web Site http://www.juniper.com/ roduct Name Juniper Networks NetScreen-SA
More informationPrinciples and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards)
Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Michael P. Papazoglou (INFOLAB/CRISM, Tilburg University, The Netherlands)
More informationA Standards-based Mobile Application IdM Architecture
A Standards-based Mobile Application IdM Architecture Abstract Mobile clients are an increasingly important channel for consumers accessing Web 2.0 and enterprise employees accessing on-premise and cloud-hosted
More informationTest Plan for Liberty Alliance SAML Test Event Test Criteria SAML 2.0
1 2 3 4 5 6 7 8 9 10 11 Test Plan for Liberty Alliance SAML Test Event Test Criteria SAML 2.0 Version 3.2.2 Editor: Kyle Meadors, Drummond Group Inc. Abstract: This document describes the test steps to
More informationIVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0
International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices
More informationOpen Data Center Alliance Usage: Single Sign On Authentication REv. 1.0
sm Open Data Center Alliance Usage: Single Sign On Authentication REv. 1.0 Table of Contents Legal Notice... 3 Executive Summary... 4 Reference Framework... 5 Applicability... 6 Related Usage Models...
More informationSecurity Assertion Markup Language (SAML) V2.0 Technical Overview
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 Security Assertion Markup Language (SAML) V2.0 Technical Overview Committee Draft 02 25 March 2008
More informationSecure Credential Federation for Hybrid Cloud Environment with SAML Enabled Multifactor Authentication using Biometrics
Secure Credential Federation for Hybrid Cloud Environment with SAML Enabled Multifactor Authentication using Biometrics B.Prasanalakshmi Assistant Professor Department of CSE Thirumalai Engineering College
More informationSingle Sign-On Implementation Guide
Version 27.0: Spring 13 Single Sign-On Implementation Guide Last updated: February 1, 2013 Copyright 2000 2013 salesforce.com, inc. All rights reserved. Salesforce.com is a registered trademark of salesforce.com,
More informationRevised edition. OIO Web SSO Profile V2.0.9 (also known as OIOSAML 2.0.9) Includes errata and minor clarifications
OIO Web SSO Profile V2.0.9 (also known as OIOSAML 2.0.9) Revised edition Includes errata and minor clarifications Danish Agency for Digitisation September 2012 Contents > 1 Introduction 8 1.1 Referenced
More information