SAML New Features and Standardization Status


SAML New Features and Standardization Status
Prepared for ITU-T by Hal Lockhart, Oracle
September 17, 2009

Status Overview
- SAML 2.0: OASIS Standard, March 2005
- ITU-T Rec. X.1141, June 2006
- Work since 2005 has consisted of defining additional Profiles:
  - 2 OASIS Standards [noted as "(OS)"]
  - 15 Committee Specifications
    - XSPA Profile submitted for OASIS Standard vote
  - 1 Committee Draft [noted as "(CD)"]
  - Errata & Updated Technical Overview

Post 2.0 Profiles by Category: Metadata
- Metadata Profile for SAML V1.x (OS): using metadata with prior versions
- Metadata Extension for SAML V2.0 and V1.x Query Requesters (OS): metadata associated with queries
- Metadata Extension for Entity Attributes: metadata about Subjects and Attributes
- Metadata Interoperability Profile

Post 2.0 Profiles by Category: Attributes
- SAML V2.0 Attribute Extensions: defines additional attribute properties; will be added to as needed
- Attribute Sharing Profile for X.509 Authentication-Based Systems: attribute queries for X.509 attributes; the Subject DN is the lookup key

Post 2.0 Profiles by Category: Holder of Key
- Holder-of-Key Assertion Profile: how to use X.509 with SAML Assertions
- Holder-of-Key Web Browser SSO Profile: uses TLS and an off-the-shelf browser; enables SAML capabilities by cryptographically secure means; additional attributes may be provided
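As an added example (not part of the presentation), the check a service provider performs under the Holder-of-Key Web Browser SSO profile: the assertion binds a certificate inside a holder-of-key SubjectConfirmation, and the SP accepts it only when the same certificate was presented as the TLS client certificate on the connection that delivered the assertion. The assertion, the certificate bytes and the function name below are constructed placeholders.

```python
import base64
import hashlib
from typing import Optional
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

# Constructed sample: the certificate is placeholder bytes, not real X.509 DER.
FAKE_CERT_DER = b"constructed-placeholder-certificate-bytes"
FAKE_CERT_B64 = base64.b64encode(FAKE_CERT_DER).decode()

# Constructed, minimal assertion fragment with a holder-of-key confirmation
# carrying the bound certificate in ds:KeyInfo (signature and Conditions omitted).
ASSERTION_HOK = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_hok1" Version="2.0">
  <saml:Subject>
    <saml:NameID>alice@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="{HOLDER_OF_KEY}">
      <saml:SubjectConfirmationData>
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""


def confirm_holder_of_key(assertion_xml: str, tls_client_cert_der: Optional[bytes]) -> bool:
    """Hypothetical SP-side check: True only if a holder-of-key confirmation
    binds the very certificate the browser presented as its TLS client cert.
    Signature and Conditions validation still happen elsewhere."""
    if tls_client_cert_der is None:
        return False  # no client cert on the TLS session: nothing to confirm
    presented = hashlib.sha256(tls_client_cert_der).digest()
    root = ET.fromstring(assertion_xml)
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOLDER_OF_KEY:
            continue  # bearer and other methods prove no key possession
        for cert_el in sc.findall(".//ds:X509Certificate", NS):
            bound = hashlib.sha256(base64.b64decode(cert_el.text.strip())).digest()
            if bound == presented:
                return True
    return False
```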

Post 2.0 Profiles by Category: Deployment
- Subject-based Profiles for SAML V1.1 Assertions: enables mixed SAML 2.0 & 1.x deployments
- Deployment Profiles for X.509 Subjects: enables interoperability in X.509 environments

Post 2.0 Profiles by Category: New Protocols
- Identity Provider Discovery Service Protocol: alternative to the IdP discovery protocol in SAML 2.0
- Protocol Extension for Third-Party Requests: request to send an Assertion to a 3rd party

Post 2.0 Profiles by Category: Authentication Context
- Protocol Extension for Requested Authentication Context: more flexible queries for AuthN Context
- Shared Credentials Authentication Context Extension: adds the ability to distinguish shared credentials
- Text-Based Challenge/Response Token Authentication Context: additional AuthN Context definitions

Post 2.0 Profiles by Category: Other
- Cross-Enterprise Security and Privacy Authorization (XSPA) Profile: attribute definitions for Healthcare
- X.500/LDAP Attribute Profile: fixes a bug in SAML 2.0
- HTTP POST "SimpleSign" Binding (CD): defines an easier-to-implement signature

Errata and Non-normative
- Approved Errata: official under the OASIS TC process
- SAML 2.0 Technical Overview: greatly improved; many diagrams, use cases, etc.

Projected Status - Spring 2010
- Likely OASIS Standards:
  - Metadata Profile for SAML 1.x
  - Metadata Extension for SAML V2.0 and V1.x Query Requesters
  - XSPA Profile (Healthcare)
  - Approved Errata
- Other specifications generally awaiting implementations