Presentation is loading. Please wait.

Presentation is loading. Please wait.

Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between."— Presentation transcript:

1 Carl A. Foster

2  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between security domains.  Why is it Important?  SAML abstracts the security away from platform architectures and vendor implementations.

3  Three Versions of SAML have been released  SAML 1.0 - November 2002  SAML 1.1 – September 2003  SAML 2.0 – March 2005  Originally a Product of OASIS Security Services Technical Committee  SAML 2.0 Implements Much Stronger Federation Identity Management  Liberty Alliance and Shibboleth Initiatives contributed to version 2.0

4  Protocols  Assertion Query and Request Protocols  Authentication Request Protocol  Artifact Resolution Protocol  Name Identifier Management Protocol  Single Logout Protocol  Bindings  SAML SOAP Binding  Reverse SOAP Binding  HTTP Artifact Binding  SAML URI Binding  Profiles  SSO Profile – Most important

5  Web Service Choreography  Relationships between web services are dynamic  Decisions are made between individual web services  No single web service is in control  Typically used when web services share information between domains  Web Service Orchestration  Frequently Unified  Typical design for web services within a domain.  One Web Service typically in control of others

6

7

8 1. Request a Resource https://my.bank.com/myAccount 2. Respond With Form... ……………….. 3. Request the SSO Service at Identity Provider User agent issues POST Request to SSO Service SSO service processes authentication request User is Identified

9 4. XHTML For is Given as Response... 5. Request Assertion Consumer Service at SP User Agent issues POST request at the service provider. Value of SAMLResponse parameter is read from XHTML 6. User Agent is Redirected to Target Resource Process Response Create Security Context at SP Redirect user agent to Target Resource

10 7. Second Request of Resource at SP https://my.bank.com/myAccount 8. Request Assertion Consumer Service at SP Security Context Exists Resource is Returned to the User Agent NOTE: Example of SAML Security Policy Bound to service <wsp:PolicyReference URI="oracle/wss11_saml20_token_with_message_protection_service_policy" orawsp:category="security" orawsp:status="enabled"/>

11

12  Nothing Mandated – Only Recommendations  Service Providers all need to agree upon the same standards  Mixed versions of SAML may be used  Hard to Determine the impacts of Change  Hard to test from a security standpoint.  Difficult to configure  Lots of moving pieces, hardware, software, keystore, and business elements.

13  Automate large scale on demand systems with web services secured by SAML.  Further Investigate Shibboleth SSO use with SAML  Become fluent the various ways to secure web services using security policies in cloud computing environments.

14 NIST: Guide to Secure Web Services http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf OASIS: Authorization Context for the OASIS Security Service Markup Language (SAML) V2.0 http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf PAPERS: Information Assurance Challenges and Stratagies for Securing SOA Environments and Web Services IEEE SysCon 2009 —3rd Annual IEEE International Systems Conference, 2009 Vancouver, Canada, March 23–26, 2009 Combining Identity Federation With Payment: The SAML Based Payment Protocol 2010 IEEE/IFIP Network Operations and Management Symposium - NOMS 2010

Download ppt "Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
2/11/2014 8:44 AM The CDA Release 3 Specification Stack September 2009 HL7 Services-Aware Enterprise Architecture Framework (SAEAF)

2/11/2014 8:44 AM The CDA Release 3 Specification Stack September 2009 HL7 Services-Aware Enterprise Architecture Framework (SAEAF)
SAML CCOW Work Item: Task 2

SAML CCOW Work Item: Task 2
Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.

Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.
Virtualization and Cloud Computing

Virtualization and Cloud Computing
Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.

Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.
Will Darby 91.514 5 April 2010.  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.

Will Darby April  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Will Darby 91.514 5 April 2010.  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.

Will Darby April  What is Federated Security  Example Implementations  Security Assertion Markup Language (SAML) Overview  Alternative.
95-804 Applied Cryptography Week 13 SAML 1 95-804 Applied Cryptography SAML and XACML Mike McCarthy Week 13.

Applied Cryptography Week 13 SAML Applied Cryptography SAML and XACML Mike McCarthy Week 13.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.

SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Similar presentations

Ads by Google