SAML Right Here, Right Now Hal Lockhart September 25, 2012.

Slides:



Advertisements
Similar presentations
Federated Identity for Grid Architects Tom Scavo NCSA
Advertisements

1© Nokia Siemens Networks SAML Name Identifier Request-Response Protocol Contribution to OASIS Security Services TC Christian Günther, Thinh Nguyenphu.
Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.
UDDI v3.0 (Universal Description, Discovery and Integration)
OOI-CI–Ragouzis– Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop October 2007.
Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All ITU-T Identity Management Update Bilel Jamoussi, Chief, SGD/TSB ITU Abbie Barbir, Q10/17 Rapporteur.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
EbXML Registry Technical Committee n Defining and managing interoperable registries and repositories n The OASIS ebXML Registry TC develops specifications.
ebXML Registry Technical Committee Defining and managing interoperable registries and repositories Kathryn Breininger (TC Chair)The.
GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Shibboleth 2.0 : An Overview for Developers Scott Cantor The Ohio State University / Internet2 Scott Cantor The Ohio.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
SWITCHaai Team Introduction to Shibboleth.
Identity Management Report By Jean Carreon and Marlon Gonzales.
Saml-intro-dec051 Security Assertion Markup Language A Brief Introduction to SAML Tom Scavo NCSA.
Sirtfi David Kelsey (STFC-RAL) REFEDS at TNC15 14 June 2015.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
ebXML Registry Technical Committee Defining and managing interoperable registries and repositories Voting members Kathryn Breininger.
Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.
Dr. Bhavani Thuraisingham October 2006 Trustworthy Semantic Webs Lecture #16: Web Services and Security.
OASIS Week of ebXML Standards Webinars June 4 – June 7, 2007.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
SAML CCOW Work Item HL7 Working Group Meeting San Antonio - January 2008 Presented by: David Staggs, JD CISSP VHA Office of Information Standards.
SAML 2.1 Building on Success. Outline n Summary of SAML 2.0 n Work done since 2.0 n Objectives of SAML 2.1 n Proposed Task List n Undecided Issues n Invitation.
Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.
SAML 2.0: Federation Models, Use-Cases and Standards Roadmap
Saml-v1_x-tech-overview-dec051 Security Assertion Markup Language SAML 1.x Technical Overview Tom Scavo NCSA.
Connect. Communicate. Collaborate Place organisation and project logos in this area Usage of SAML in eduGAIN Stefan Winter, RESTENA Foundation TERENA Networking.
Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.
Semantic Web Technologies Research Topics and Projects discussion Brief Readings Discussion Research Presentations.
Using Enterprise Logins in Portal for ArcGIS via SAML Greg Ponto & Tom Shippee.
Identity in the Cloud (ID-Cloud) Towards standardizing Cloud Identity
Cross-Enterprise User Authentication John F. Moehrke GE Healthcare IT Infrastructure Technical Committee.
Payment in Identity Federations David J. Lutz Universitaet Stuttgart.
The UK Access Management Federation John Chapman Project Adviser – Becta.
Status Update on Other GFIPM Activity Threads GFIPM Delivery Team Meeting November 2011.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
ebXML Registry Technical Committee Defining and managing interoperable registries and repositories Voting members Kathryn Breininger.
EGovernment Commonalities within Europe and beyond Colin Wallis & Fulup Ar Foll European Identity Conference 2011.
Jeju Island, Korea, 13 – 16 May 2013Identity Management and Identification Systems GSC17-PLEN-43 ITU-T IDENTITY MANAGEMENT UPDATE Bilel Jamoussi, Chief,
Innovation through participation EduGAIN policy (working draft) Status update REFEDs 30th May 2010
Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.
Shibboleth Working Group, Fall 2010 Scott Cantor, OSU Chad LaJoie, Itumi, LLC.
1 SAIC XMSF Update XMSF Workshop & MOVES Open House 4-5 August 2003 Katherine L. Morse, Ph.D., David L. Drake, Ryan.
SAML 2.0 and Related Work in XACML and WS-Security Hal Lockhart BEA Systems.
Workshop on Security for Web Services. Amsterdam, April 2010 Applying SAML to Identity Data Exchange.
Shibboleth Identity Provider Version 3
Access Policy - Federation March 23, 2016
HMA Identity Management Status
Azure Active Directory - Business 2 Consumer
Federation made simple
SAML New Features and Standardization Status
HMA Identity Management Status
Identity Federations - Overview
Scalability of trust and metadata exchange across federations
Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)
OpenID Connect Working Group
UK Access Management Federation
, editor October 8, 2011 DRAFT-D
Shibboleth 2.0 IdP Training: Introduction
CPPA3 Overview.
INTEGRATIONS WITH Single Sign-On
Presentation transcript:

SAML Right Here, Right Now Hal Lockhart September 25, 2012

Outline n Summary of SAML 2.0 l Specifications & Deployments n Work done since 2.0 n Objectives of SAML 2.1 n Proposed Task List n Other Possible Work n Invitation to Participate

Status Overview n SAML OASIS Standard - March 2005 n ITU-T Rec. X.1141 – June 2006 n Work since 2005 has consisted of defining additional Profiles l 3 Oasis Standards l 24 Committee Specifications l 1 Committee Draft l Errata & Updated Technical Overview

SAML Deployment Overview n Dominant technology for enterprise SSO n Small number of very large federations l Millions of users and/or hundreds of SPs and/or IdPs l Primarily Research, Education and Govt l Government services to ALL citizens in a number of countries

Representative Deployments n NASA Launchpad IdP n National Association of Realtors (US) n SSO Service for Google Apps n SSO for Salesforce.com CRM n Chevron Corp Cloud Based Services n REFEDS Research & Education worldwide n 2010 Vancouver Winter Olympics n Carolinas HealthCare System

SAML 2.0 Specifications n Conformance Requirements l Required “Operational Modes” for SAML implementations n Assertions and Protocols l The “Core” specification n Bindings l Maps SAML messages onto common communications protocols n Profiles l “How-to’s” for using SAML to solve specific business problems n Metadata l Configuration data for establishing connections between SAML entities n Authentication Context l Detailed descriptions of user authentication mechanisms n Security and Privacy Considerations l Security and privacy analysis of SAML 2.0 n Glossary l Terms used in SAML 2.0

Post 2.0 Profiles by Category CategoryNumber of Profiles Metadata7 Attributes2 Holder-of-Key2 Deployment2 New Protocols4 Authentication Context3 Kerberos3 Other5

Selected Highlights n Simple Sign Binding l Simple, efficient signing w/o C14N n SP Request Initiation l Allows specification of how AuthN is done n Identity Provider Discovery Service l Enhanced IdP Discovery n LDAP/X.500 Attribute Profile l Corrects original SAML 2.0 Profile

Key Metadata Profiles - 1 n Metadata Extension for Entity Attributes l Associate attributes with SPs & IdPs n Metadata Interoperability Profile l Use metadata to configure keys n Metadata Profile for Algorithm Support l Configure crypto details & key rollover

Key Metadata Profiles – 2 n Metadata Extensions for Login and Discovery User Interface l Configure user choices for AuthN n Metadata Extensions for Registration and Publication Information l Document business processes

Errata and Non-normative n Approved Errata l Official under OASIS TC process n SAML 2.0 Technical Overview l Greatly improved l Many diagrams, usecases, etc.

SAML 2.1 Objectives n Make specifications easier to use n Retain backward compatibility n Improve specification quality n Make small improvements

Improve Usability n Apply errata n Remove deprecated text n Provide everything needed to implement a component (e.g. SP) in one place n Provided detailed guidance on how to counter threats

Backward Compatibility n Retain formats, protocols, namespaces, except to correct errors n Retain interoperability with deployed implementations l Where not possible minimize and clearly identify differences n Retain Version=“2.0” in XML

Improve Specification Quality n Incorporate popular Profiles in core n Update normative references l e.g. XML Signature n Re-factor Conformance Requirements n Better integration of Metadata l Some Metadata support mandatory

Improvements n Incorporate Profiles listed in slide 8 n Present SP and IdP implementation considerations separately n Incorporate Metadata profiles listed in slides 9 & 10 n Move text on little used features out of main specifications

Other Possible Work* n Improved SSO based on field experience n Use HTML5 features n Additional session semantics n JOSE instead of Simple Sign n Limited unlinkability between SP and IDP n Emphasize data format compatibility * Not Committed

Get Involved n An opportunity to influence the future of SAML n Resolve issues your organization has with SAML n Join the Security Services TC n All work available online and by n Telephone meetings alternate Tuesdays 12:00 PM ET

Useful Links n SAML 2.1 Wiki l n Wikipedia – SAML Products & Services l based_products_and_services#Libraries_and_took_kits_to_develop_SAML_acto rs_and_SAML-enable_services based_products_and_services#Libraries_and_took_kits_to_develop_SAML_acto rs_and_SAML-enable_services n Kantara Global Trust Framework Survey l Framework+Survey Framework+Survey

More Links - 1 n NASA Launchpad l open.org/apps/org/workgroup/security/download.php/46740/NASA_launchpad_ SAML_Aug2012.pdf open.org/apps/org/workgroup/security/download.php/46740/NASA_launchpad_ SAML_Aug2012.pdf n National Association of Realtors l 20Case%20Study%20FINAL%20%5B2%5D%5B1%5D.pdf 20Case%20Study%20FINAL%20%5B2%5D%5B1%5D.pdf n SSO for Google Apps l n SSO for Salesforce.com CRM l

More Links - 2 n Chevron Corporation l Study-Chevron.pdf Study-Chevron.pdf n Research & Education Federations l n 2010 Vancouver Winter Olympics l n Carolinas HealthCare System l

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.