draft-ietf-abfab-aaa-saml Josh Howlett, JANET IETF 82
SAML RADIUS binding & SAML RADIUS attribute
ABFAB Authentication Profile & ABFAB Assertion Request Profile
- In SAML, bindings typically use HTTP or SOAP transport. ABFAB is defining a RADIUS binding.

SAML RADIUS Attribute
  | Type | Length | SAML Message |

SAML RADIUS Binding
- SAML requester is RADIUS client / RP
- SAML responder is RADIUS server / IdP
- SAML protocol message is encapsulated within (and fragmented across multiple instances of) the SAML RADIUS attribute
- NAI is used to route RADIUS messages from the SAML requester towards the SAML responder
- Attribute is currently defined independently of the Binding, to facilitate use in other contexts: is that actually useful, or a complication?

ABFAB Authentication Profile
- A profile of the SAML Authentication Request Protocol that uses the SAML RADIUS binding

ABFAB Assertion Request Profile
- TODO
- Intend to specify a profile of the SAML "Assertion Query and Request Protocol" using the SAML RADIUS binding
- Requirements
  – Request assertion from authentication IdP, after authentication
  – Request assertions from other attribute sources

Issue: document name
- Name includes "aaa", but only discusses RADIUS
- Currently named "A RADIUS Attribute, Binding and Profiles for SAML"
- Sufficient?

Issue: signatures
- Use of SAML signatures
  – Profile (but not binding) currently prohibits use of SAML signatures
  – Encourage use of transport integrity protection, reducing deployment complexity
  – Reduce size of SAML messages
  – Limited support
- Proposal: require NASes to default NOT to check signatures, and indicate that signatures are not required

Issue: SAML payload size
- RADIUS message MTU of 4 KB, but SAML messages can be arbitrarily large
  – Option 1: Do nothing
  – Option 2: If > 4 KB, advise deployments to use Diameter
  – Option 3: Use a SAML SOAP-based transaction to request attributes or resolve an artifact
  – Option 4: Develop a RADIUS-based mechanism to fragment large payloads over multiple RADIUS messages
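As an added worked example (not from the slides or the draft), the Type/Length/SAML Message attribute from the format slide, the fragmentation of one SAML message across several attribute instances that the binding slide relies on, and a check for the 4 KB RADIUS packet limit behind the payload-size issue. The attribute type number is a placeholder, since the page does not give it; the 255-octet attribute and 4096-octet packet limits are the RADIUS ones from RFC 2865.

```python
"""Fragment a SAML message into RADIUS attribute instances and reassemble it."""
import struct

SAML_ATTR_TYPE = 0xF0        # PLACEHOLDER: real type number is assigned by IANA, not on the page
RADIUS_ATTR_MAX_LEN = 255    # Length octet covers Type + Length + Value (RFC 2865)
RADIUS_ATTR_MAX_VALUE = RADIUS_ATTR_MAX_LEN - 2   # 253 octets of SAML payload per instance
RADIUS_MAX_PACKET = 4096     # maximum RADIUS packet length (RFC 2865)
RADIUS_HEADER_LEN = 20       # Code, Identifier, Length, Request/Response Authenticator


def encode_saml_attributes(saml_message: bytes) -> list:
    """Split a SAML message into ordered Type/Length/Value attribute instances."""
    attrs = []
    for off in range(0, len(saml_message), RADIUS_ATTR_MAX_VALUE):
        chunk = saml_message[off:off + RADIUS_ATTR_MAX_VALUE]
        attrs.append(struct.pack("!BB", SAML_ATTR_TYPE, len(chunk) + 2) + chunk)
    return attrs


def decode_saml_attributes(attr_bytes: bytes) -> bytes:
    """Walk a RADIUS attribute list and concatenate the SAML attribute values in order.

    Other attributes (e.g. User-Name) are skipped; malformed lengths raise
    rather than letting a short attribute run the parser off the packet.
    """
    parts = []
    pos = 0
    while pos < len(attr_bytes):
        if pos + 2 > len(attr_bytes):
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = struct.unpack_from("!BB", attr_bytes, pos)
        if alen < 2 or pos + alen > len(attr_bytes):
            raise ValueError("bad attribute length %d at offset %d" % (alen, pos))
        if atype == SAML_ATTR_TYPE:
            parts.append(attr_bytes[pos + 2:pos + alen])
        pos += alen
    return b"".join(parts)


def fits_in_radius_packet(saml_message: bytes, other_attr_len: int = 0) -> bool:
    """True if the fragmented message plus header and other attributes fits one packet.

    A False result is the situation the payload-size options are about: the
    message cannot be carried in a single RADIUS message at all.
    """
    saml_len = sum(len(a) for a in encode_saml_attributes(saml_message))
    return RADIUS_HEADER_LEN + other_attr_len + saml_len <= RADIUS_MAX_PACKET
```

With a 20-octet header and 255-octet attributes, the largest SAML message one packet can carry with no other attributes is 4044 octets, so even a modest signed assertion pushes against the limit.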

Todo
- Fix various nits
- Define attribute request profile