SAML Interoperability Lab RSA Conference 2004
Agenda SAML and the OASIS SSTC SAML Timeline Brief SAML History SAML Interop Lab Q & A Demo
SAML and the OASIS SSTC SAML: Security Assertion Markup Language —A framework for the exchange of security-related information Developed within OASIS, a non-profit with a standards creation mission — The OASIS Security Services Technical Committee (SSTC) manages the development of SAML Any OASIS member can participate in the SSTC —~35 active SSTC voting members (up from V1.1) —20+ companies and organizations
Brief SAML History SAML is a success because its development was and continues to be driven by real business use cases —Web SSO —Authorization Services —Distributed Transactions Very strong “coopetition” Focus, focus, focus! —Very careful prioritization of work items SAML solutions: —Save $$$ —Create new business opportunities
SAML Timeline SAML 1.0 Completed: May 2002 OASIS Standard: Nov 2002 SAML 1.1 Completed: May 2003 OASIS Standard: Sep 2003 LA 1.1 January 2003 ID-FF 1.2 October 2003 Shibboleth 1H 2003 Formally submitted to the SSTC SAML 2.0 mid-2004 LA: Liberty Alliance ID-FF: Identity Federation Framework
SAML Interop Lab Participants 12 Participants —Computer Associates —DataPower Technology —Entegrity Solutions —Entrust —GSA/Enspier Technologies —Hewlett-Packard GSA Sponsorship —eGov eAuthentication Initiative —Oblix —OpenNetwork —Ping Identity —RSA Security —Sun Microsystems —Trustgenix
SAML Interop Lab Overview 3 Days of Interop Testing Web SSO Interoperability —2 Demos: “eAuthentication” and “generic SAML” —3 Web Sites Portal Identity Provider - where you log in Service Provider - where an application lives —2 SAML Web SSO “Profiles” Browser/Artifact Profile (10 vendors) Browser/POST Profile (8 vendors) Attribute Query for web service authorization (1 scenario) Results in ~100 test cases!
SAML Interop Lab Web SSO Demo Focus on eAuthentication Architecture Demonstrate 3-site exchanges 1.Visit Portal 2.Choose an application site and a user logon site 3.Logon with username/password 4.Web SSO to the chosen application 5.Re-visit portal to choose another application 6.Web SSO to next application without re-authenticating Note the application customization based on user attributes obtained from the logon site
Wrapup Questions? On to the demo!
Browser/Artifact Profile
Browser/POST Profile