Catalyst 2002 SAML InterOp July 15, 2002 Prateek Mishra San Francisco Netegrity.

Agenda SAML Intro SAML Status SAML InterOp Details Relationship to other efforts

What is SAML? Security Assertion Markup Language: a framework for exchanging security-related information in the form of assertions. Assertions about authentication, attributes and authorization decisions are expressed as XML documents.

What problem does it solve?
- Identity Federation: provides technology that lets a business securely interact with users originating from its vendors, suppliers, customers, etc.
- Fine-Grained Authorization: users may authenticate at one site and be authorized by another.

What are SAML Profiles? A "profile" describes how SAML should be used to solve some business problem.
- Web browser profiles for Single Sign-On: part of SAML 1.0.
- WS-Security profile for securing web services: currently under development by the SSTC.

SAML is NOT:
- A new form of authentication
- An alternative to WS-Security
- Limited to legacy applications
- Limited to web browser applications
- Limited to web services security

SAML Status
- Developed within OASIS by the Security Services Technical Committee (SSTC)
- SSTC voted to accept it as a committee specification on 16 April 2002
- Submitted to OASIS for acceptance as an OASIS standard on 28 May 2002; approval anticipated 1 Nov 2002
- Several products available today, with many announced for the near future

SAML InterOp Details
- 12 vendors: Baltimore Technologies, Crosslogix, ePeople, Entegrity Solutions, IBM/Tivoli, Netegrity, Novell, Oblix, OverXeer, RSA Security, Sigaba, Sun Microsystems
- Each vendor implements the SAML web browser profile for SSO

Types of Sites in the InterOp
- Portal Site: simulates a government or enterprise portal. The user logs into the portal and selects services or content available from "other" sites.
- Content (Application) Site: simulates a service or content provider.
- Most vendors implement both types of sites.

InterOp Flows (diagram): the browser logs in to a portal with username and password; the portal presents links to Content Site 1 through Content Site 4, each reached through a SAML browser-profile exchange.

Demonstration Scenario
- Sign on to any portal
- Click through to any content site
- The content site displays the user attributes transmitted from the portal and generates the appropriate content

InterOp Message Exchange (Portal = Source Web Site, Application = Destination Web Site)
1. Web user authenticates to the source web site (out of band).
2. Browser accesses the inter-site transfer URL at the source site.
3. Source site redirects the browser, carrying an artifact, to the destination site's assertion consumer URL.
4. Browser gets the assertion consumer URL at the destination site.
5. Destination site requests the referenced assertion from the source site.
6. Source site supplies the referenced assertion.
7. Destination site provides or refuses the destination resource (out of band).
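The exchange above, together with the attribute-driven content decision from the Demonstration Scenario, as an added example that is not part of the original slides and not any InterOp vendor's code. It simulates both sides of the SAML 1.0 browser/artifact profile in one process: the source site (portal) authenticates the user, redirects the browser with a type 0x0001 artifact (20-byte SHA-1 SourceID plus 20-byte random AssertionHandle), and resolves the artifact exactly once over the back channel; the destination site (content site) checks the artifact's SourceID against its trusted list, validates Issuer, validity window, AudienceRestriction and replay, then reads the MemberLevel attribute. Site URLs, the attribute namespace and the in-process "back channel" are assumptions; the demo accounts are the InterOp users listed on the last slide. A real deployment runs steps 5 and 6 over SOAP with TLS and mutual authentication, or signs the assertion, which this example does not.

```python
# Added example (not from the Catalyst 2002 slides or any vendor): simulated
# SAML 1.0 browser/artifact profile. URLs and attribute namespace are made up.
import base64, calendar, hashlib, hmac, secrets, time
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, parse_qs, urlparse

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
SAMLP = "{urn:oasis:names:tc:SAML:1.0:protocol}"
USERS = {"alice": ("alice", "bronze"), "ravi": ("ravi", "silver"), "joe": ("joe", "gold")}

def iso(t):      # xsd:dateTime in UTC, as SAML requires
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(t))

def from_iso(s):
    return calendar.timegm(time.strptime(s, "%Y-%m-%dT%H:%M:%SZ"))

class SourceSite:
    """Portal: authenticates the user, issues artifacts, resolves them once."""
    def __init__(self, provider_id):
        self.provider_id = provider_id
        self.source_id = hashlib.sha1(provider_id.encode()).digest()  # 20-byte SourceID
        self._pending = {}  # AssertionHandle -> (subject, MemberLevel, audience)

    def login(self, username, password):
        pw, level = USERS.get(username, ("", None))
        if level is None or not hmac.compare_digest(pw, password):
            raise PermissionError("bad credentials")
        return username, level

    def inter_site_transfer(self, session, target, consumer_url):
        """Steps 2-3: build the redirect to the destination's assertion consumer URL."""
        handle = secrets.token_bytes(20)  # unguessable, single-use AssertionHandle
        self._pending[handle] = (*session, consumer_url)
        artifact = base64.b64encode(b"\x00\x01" + self.source_id + handle).decode()
        return consumer_url + "?" + urlencode({"TARGET": target, "SAMLart": artifact})

    def respond(self, request_xml):
        """Steps 5-6: answer a samlp:Request carrying an AssertionArtifact."""
        raw = base64.b64decode(ET.fromstring(request_xml).find(SAMLP + "AssertionArtifact").text)
        if raw[:2] != b"\x00\x01" or raw[2:22] != self.source_id:
            raise ValueError("artifact was not issued by this source site")
        entry = self._pending.pop(raw[22:], None)  # pop: an artifact resolves exactly once
        if entry is None:
            raise LookupError("unknown or already-resolved artifact")
        subject, level, audience = entry
        now = time.time()
        resp = ET.Element(SAMLP + "Response", ResponseID=secrets.token_hex(16), IssueInstant=iso(now))
        a = ET.SubElement(resp, SAML + "Assertion", AssertionID=secrets.token_hex(16),
                          Issuer=self.provider_id, IssueInstant=iso(now))
        cond = ET.SubElement(a, SAML + "Conditions", NotBefore=iso(now - 60), NotOnOrAfter=iso(now + 300))
        ET.SubElement(ET.SubElement(cond, SAML + "AudienceRestrictionCondition"), SAML + "Audience").text = audience
        auth = ET.SubElement(a, SAML + "AuthenticationStatement", AuthenticationInstant=iso(now),
                             AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password")
        ET.SubElement(ET.SubElement(auth, SAML + "Subject"), SAML + "NameIdentifier").text = subject
        attrs = ET.SubElement(a, SAML + "AttributeStatement")
        ET.SubElement(ET.SubElement(attrs, SAML + "Subject"), SAML + "NameIdentifier").text = subject
        attr = ET.SubElement(attrs, SAML + "Attribute", AttributeName="MemberLevel",
                             AttributeNamespace="urn:example:interop")  # assumed namespace
        ET.SubElement(attr, SAML + "AttributeValue").text = level
        return ET.tostring(resp)

class DestinationSite:
    """Content site: receives the artifact, pulls and validates the assertion."""
    def __init__(self, consumer_url, trusted_sources):
        self.consumer_url = consumer_url
        self.trusted = trusted_sources  # SourceID -> SourceSite; stands in for the SOAP/TLS back channel
        self._seen = set()

    def assertion_consumer(self, redirect_url):
        """Steps 4-7: parse SAMLart, resolve with the issuing source, validate, decide."""
        q = parse_qs(urlparse(redirect_url).query)
        artifact, target = q["SAMLart"][0], q["TARGET"][0]
        raw = base64.b64decode(artifact)
        if len(raw) != 42 or raw[:2] != b"\x00\x01":
            raise ValueError("unsupported artifact type")
        source = self.trusted.get(raw[2:22])
        if source is None:
            raise ValueError("SourceID not trusted; refusing to resolve")
        req = ET.Element(SAMLP + "Request", RequestID=secrets.token_hex(16), IssueInstant=iso(time.time()))
        ET.SubElement(req, SAMLP + "AssertionArtifact").text = artifact
        a = ET.fromstring(source.respond(ET.tostring(req))).find(SAML + "Assertion")
        self._validate(a, source.provider_id)
        level = a.find(f".//{SAML}Attribute[@AttributeName='MemberLevel']/{SAML}AttributeValue").text
        subject = a.find(f".//{SAML}AuthenticationStatement/{SAML}Subject/{SAML}NameIdentifier").text
        return subject, level, target

    def _validate(self, a, expected_issuer):
        now, cond = time.time(), a.find(SAML + "Conditions")
        if a.get("Issuer") != expected_issuer:
            raise ValueError("Issuer does not match the site the artifact was resolved with")
        if not (from_iso(cond.get("NotBefore")) <= now < from_iso(cond.get("NotOnOrAfter"))):
            raise ValueError("assertion outside its validity window")
        if self.consumer_url not in [e.text for e in cond.iter(SAML + "Audience")]:
            raise ValueError("assertion not intended for this site")
        if a.get("AssertionID") in self._seen:
            raise ValueError("assertion replayed")
        self._seen.add(a.get("AssertionID"))

def sso(username, password, replay=False):
    """Run the full flow for one InterOp user; returns (subject, MemberLevel, TARGET).
    With replay=True the same artifact is presented twice, which must raise LookupError."""
    portal = SourceSite("https://portal.example/saml")
    content = DestinationSite("https://content.example/acs", {portal.source_id: portal})
    url = portal.inter_site_transfer(portal.login(username, password),
                                     "https://content.example/gold", content.consumer_url)
    result = content.assertion_consumer(url)
    return content.assertion_consumer(url) if replay else result
```

The destination site never trusts the artifact itself: it only uses the SourceID to pick a pre-configured source to ask, and everything it acts on comes from the assertion that source returns. Replacing `self.trusted` with a real SOAP client over mutually authenticated TLS, and checking an XML Signature on the assertion, is what a production implementation adds on top of this skeleton.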

Browser Profile vs. MS Passport
- MS Passport requires a single site where all users must authenticate; the SAML browser profile allows users to authenticate at their "home site" portal.
- MS Passport requires proprietary software at the content site; software from any vendor implementing the SAML browser profile can be used at portal or content sites.

SAML and Liberty Alliance
- Builds on SAML and the web browser profiles
- Explicit policy framework for federation
- Adds additional protocol layers: logout, where-are-you-from service

Credits
- Hard work by all demo participants
- Equipment and software provided by: RSA Security, Sun Microsystems, Baltimore Technologies
- Special thanks to: Don Bowen, Rob Philpott, Irving Reid

InterOp Users (demo accounts)
- User: alice, Password: alice, MemberLevel: bronze
- User: ravi, Password: ravi, MemberLevel: silver
- User: joe, Password: joe, MemberLevel: gold