Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAML New Features and Standardization Status

Published byJerome Kennedy Modified over 6 years ago

Similar presentations

Presentation on theme: "SAML New Features and Standardization Status"— Presentation transcript:

1 SAML New Features and Standardization Status
Prepared for ITU-T by Hal Lockhart Oracle September 17, 2009

2 Status Overview SAML 2.0 - OASIS Standard - March 2005
ITU-T Rec. X.1141 – June 2006 Work since 2005 has consisted of defining additional Profiles 2 Oasis Standards [noted as “(OS)”] 15 Committee Specifications XSPA Profile submitted for Oasis Standard vote 1 Committee Draft [noted as “(CD)”] Errata & Updated Technical Overview

3 Post 2.0 Profiles by Category Metadata
Metadata Profile for SAML V1.x (OS) Using metadata with prior versions Metadata Extension for SAML V2.0 and V1.x Query Requesters (OS) Metadata associated with queries Metadata Extension for Entity Attributes Metadata about Subjects and Attributes Metadata Interoperability Profile

4 Post 2.0 Profiles by Category Attributes
SAML V2.0 Attribute Extensions Defines additional attribute properties Will be added to as needed Attribute Sharing Profile for X.509 Authentication-Based Systems Attribute queries for X.509 Attributes Subject DN is lookup key

5 Post 2.0 Profiles by Category Holder of Key
Holder-of-Key Assertion Profile How to use X.509 with SAML Assertions Holder-of-Key Web Browser SSO Profile Uses TLS and an off the shelf browser Enables SAML capabilities by cryptographically secure means Additional attributes may be provided

6 Post 2.0 Profiles by Category Deployment
Subject-based Profiles for SAML V1.1 Assertions Enables mixed SAML 2.0 & 1.x deployments Deployment Profiles for X.509 Subjects Enables interoperability in X.509 environments

7 Post 2.0 Profiles by Category New Protocols
Identity Provider Discovery Service Protocol Alternative to the IDP discovery protocol in SAML 2.0 Protocol Extension for Third-Party Requests Request to send Assertion to a 3rd Party

8 Post 2.0 Profiles by Category Authentication Context
Protocol Extension for Requested Authentication Context More flexible queries for AuthN Context Shared Credentials Authentication Context Extension Adds ability to distinguish shared credentials Text-Based Challenge/Response Token Authentication Context Additional AuthN Context definitions

9 Post 2.0 Profiles by Category Other
Cross-Enterprise Security and Privacy Authorization (XSPA) Profile Attribute definitions for Healthcare X.500/LDAP Attribute Profile Fixes bug in SAML 2.0 HTTP POST “SimpleSign” Binding (CD) Defines an easier to implement signature

10 Errata and Non-normative
Approved Errata Official under OASIS TC process SAML 2.0 Technical Overview Greatly improved Many diagrams, usecases, etc.

11 Projected Status - Spring 2010
Likely OASIS Standards Metadata Profile for SAML 1.x Metadata Extension for SAML V2.0 and V1.x Query Requesters XSPA Profile (Healthcare) Approved Errata Other specifications generally awaiting implementations

Download ppt "SAML New Features and Standardization Status"

Similar presentations

Federated Identity for Grid Architects Tom Scavo NCSA

Federated Identity for Grid Architects Tom Scavo NCSA
1© Nokia Siemens Networks SAML Name Identifier Request-Response Protocol Contribution to OASIS Security Services TC Christian Günther, Thinh Nguyenphu.

1© Nokia Siemens Networks SAML Name Identifier Request-Response Protocol Contribution to OASIS Security Services TC Christian Günther, Thinh Nguyenphu.
Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.

Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.
X509-bindings-profiles-sep061 Bindings and Profiles for Attribute-based Authz in the Grid Tom Scavo NCSA.

X509-bindings-profiles-sep061 Bindings and Profiles for Attribute-based Authz in the Grid Tom Scavo NCSA.
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
XML Security Standards — Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.

XML Security Standards — Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.
Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.

Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.

Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.
EbXML Registry Technical Committee n Defining and managing interoperable registries and repositories n The OASIS ebXML Registry TC develops specifications.

EbXML Registry Technical Committee n Defining and managing interoperable registries and repositories n The OASIS ebXML Registry TC develops specifications.
Www.oasis-open.org ebXML Registry Technical Committee Defining and managing interoperable registries and repositories Kathryn Breininger (TC Chair)The.

ebXML Registry Technical Committee Defining and managing interoperable registries and repositories Kathryn Breininger (TC Chair)The.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.

What IHE Delivers Healthcare Provider Directories IHE IT Infrastructure Planning Committee Eric Heflin – Medicity/THSA.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
SASL-SAML update Klaas Wierenga Kitten WG 9-Nov-2010.

SASL-SAML update Klaas Wierenga Kitten WG 9-Nov-2010.
SWITCHaai Team Introduction to Shibboleth.

SWITCHaai Team Introduction to Shibboleth.
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Saml-intro-dec051 Security Assertion Markup Language A Brief Introduction to SAML Tom Scavo NCSA.

Saml-intro-dec051 Security Assertion Markup Language A Brief Introduction to SAML Tom Scavo NCSA.

Similar presentations

Ads by Google