Published by Duane Alexander. Modified over 9 years ago.
Slide 1: Catalyst 2002 SAML InterOp
July 15, 2002, San Francisco
Slide 2: Agenda
- SAML Intro
- SAML Status
- InterOp Flows
- Relationship to other efforts
Slide 3: What is SAML?
- Security Assertion Markup Language
- Framework for exchange of security-related information
- Information about authentication and authorization expressed as XML documents
Slide 4: SAML Profiles
- A “profile” describes how SAML should be used to solve some business problem
- Web browser profile for Single Sign-On
  – Part of SAML 1.0
- WS-Security profile for securing web services
  – Currently under development by the SSTC
Slide 5: SAML is NOT…
- A new form of authentication
- An alternative to WS-Security
- Limited to legacy applications
- Limited to web browser applications
- Limited to web services security
Slide 6: SAML Status
- Developed within OASIS by the Security Services Technical Committee (SSTC)
- SSTC voted to accept as committee specification on 16 April 2002
- Submitted to OASIS for acceptance as a standard on 28 May 2002
  – Anticipate approval 1 Nov 2002
- Several products available today, with many announced for the near future
Slide 7: SAML InterOp Details
- 12 vendors: Baltimore Technologies, Crosslogix, ePeople, Entegrity Solutions, IBM/Tivoli, Netegrity, Novell, Oblix, OverXeer, RSA Security, Sigaba, Sun Microsystems
- Each vendor implements the SAML web browser profile for SSO
Slide 8: Types of InterOp Sites
- Portal Site
  – Simulates a govt. or enterprise portal
  – User logs into the portal and selects services or content available from “other” sites
- Content Site
  – Simulates a service or content provider
- Most vendors implement both types of sites
Slide 9: Configuration Parameters
- Portal and Content Sites must agree upon certain configuration parameters
  – Trust Model: how will the two sites recognize each other?
  – Format and values of attributes conveyed from Portal to Content Site
  – Small number of URLs for assertion generation and consumption
Slide 10: InterOp Flows
(Diagram: username/password entry at the Portal; Links to Site 1, Site 2, Site 3 and Site 4 lead to Content Site 1, Content Site 2, Content Site 3 and Content Site 4.)
Slide 11: Demonstration Scenario
- Begin demo: sign on at any Portal
- Click through to any Content Site
- Content Site will display the user attributes transmitted from the Portal and generate appropriate content
Slide 12: Demo Message Exchange
(Sequence diagram with three parties: Web User, Source Web Site (Portal), Destination Web Site (Content Site).)
1. Authenticate (out of band): Web User signs on to the Source Web Site
2. Access inter-site transfer URL: Web User to Source Web Site
3. Redirect with artifact: Source Web Site to Web User
4. Get assertion consumer URL: Web User to Destination Web Site, carrying the artifact
5. Request referenced assertion: Destination Web Site to Source Web Site
6. Supply referenced assertion: Source Web Site to Destination Web Site
7. Provide or refuse destination resource (out of band): Destination Web Site to Web User
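The “Redirect with artifact”, “Request referenced assertion” and “Supply referenced assertion” exchange on this slide, as an added example that is not part of the original presentation: a Python simulation of the SAML 1.0 type 1 artifact (2-byte type code 0x0001, 20-byte SHA-1 SourceID, 20-byte random AssertionHandle), with the Portal as source site and the Content Site as destination site. It goes beyond the slide by showing the two checks the trust model on the configuration slide implies: the destination only resolves artifacts whose SourceID maps to a configured source, and the source hands out each assertion once and only within a lifetime. Site names, attribute values and the 60-second lifetime are assumed; the real XML/SOAP back-channel request is replaced by a direct call.

```python
import base64
import hashlib
import os
import time

TYPE_CODE = b"\x00\x01"  # SAML 1.0 artifact type 1
ARTIFACT_LEN = 42        # 2-byte type code + 20-byte SourceID + 20-byte AssertionHandle

def source_id(source_name: str) -> bytes:
    """SourceID is the 20-byte SHA-1 digest of the source site's identifier."""
    return hashlib.sha1(source_name.encode()).digest()

class SourceSite:
    """Portal (source web site): issues artifacts and hands out each assertion once."""
    def __init__(self, name: str, ttl_seconds: int = 60):  # lifetime is an assumption
        self.name, self.sid, self.ttl = name, source_id(name), ttl_seconds
        self.pending = {}  # AssertionHandle -> (assertion, issue time)

    def issue_artifact(self, user: str, attributes: dict) -> str:
        """'Redirect with artifact': mint a one-time artifact for the signed-on user."""
        handle = os.urandom(20)
        self.pending[handle] = ({"issuer": self.name, "subject": user,
                                 "attributes": attributes}, time.time())
        return base64.b64encode(TYPE_CODE + self.sid + handle).decode()

    def resolve(self, handle: bytes):
        """'Supply referenced assertion': pop the handle so a replayed artifact fails."""
        entry = self.pending.pop(handle, None)
        if entry is None:
            return None
        assertion, issued = entry
        return assertion if time.time() - issued <= self.ttl else None

class DestinationSite:
    """Content site (destination web site): resolves artifacts only via trusted sources."""
    def __init__(self, trusted_sources: dict):
        self.trusted = trusted_sources  # SourceID bytes -> SourceSite (the agreed trust model)

    def consume(self, artifact_b64: str):
        """Assertion consumer URL: parse the artifact, check its source, fetch the assertion."""
        try:
            raw = base64.b64decode(artifact_b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError
            return None
        if len(raw) != ARTIFACT_LEN or raw[:2] != TYPE_CODE:
            return None
        source = self.trusted.get(raw[2:22])
        if source is None:  # unknown SourceID: no back-channel request is made
            return None
        return source.resolve(raw[22:])
```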
Slide 13: Browser Profile vs. MS Passport
- MS Passport requires use of a single site where users must authenticate
  – Browser profile allows users to authenticate at their “home site” portal
- MS Passport requires proprietary software at the content site
  – Software from any vendor implementing the browser profile can be used at the portal and at the content site
Slide 14: SAML and Liberty Alliance
- Based on information available today, these are complementary efforts
- TBD
  – Perhaps more information will be available on July 15, 2002