SAML in Authorization Policies draft-guenther-geopriv-saml-policy-01.

Presentation on theme: "SAML in Authorization Policies draft-guenther-geopriv-saml-policy-01."— Presentation transcript:

1 SAML in Authorization Policies draft-guenther-geopriv-saml-policy-01

2 SAML  Security Assertion Markup Language  XML language to exchange security information  Example of SAML assertion:  SAML Version 2: OASIS standard (March, 2005) „Assertion Issuer I has authenticated Assertion Subject S using Authentication Method M“

3 saml-policy draft  common-policy:  policy rule = (conditions, actions, transformations)  saml-policy:  support for SAML assertions as conditions  This means, support for policy rules such as  saml-policy extends common-policy framework in the same way as geopriv-policy does „If Assertion Issuer I has issued a SAML assertion assuring that the Assertion Subject S has been authenticated by means of Authentication Method M, then S is permitted to...“

4 Basic Scenario

+-------------+ 1: Authentication +------------+
|             |                   | Asserting  |
| Subject (S) |                   | Party      |
|             |<------------------| (AP)       |
+-------------+ 2: SAML Assertion +------------+
       |
     3:| Service Request
       | + Assertion
       v
+-------------+                   +------------+
| Relying     | 4: Policy         | Policy     |
| Party       |<------------------| Server     |
| (RP)        |                   | (PS)       |
+-------------+                   +------------+

5 I-D version 01
- element
  - to replace 'anyType' child element of
  - specifies properties that a SAML assertion must satisfy in order to make the SAML condition match
  - To date, these properties are:
- Which Assertion Issuers are acceptable? defined
- For which Assertion Subjects (=Requestors)? defined
- Which Authentication Methods are acceptable? defined

6 example idp.com bob@example.com urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
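
The matching described on slides 5 and 6, as an added example that is not part of the presentation or the draft: a relying party checks a SAML 2.0 assertion's issuer, subject and authentication method against a SAML condition. The assertion is a constructed sample using the slide 6 values, the `CONDITION` dictionary and function names are hypothetical, and the code assumes the assertion's signature, validity period and audience have already been verified.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed sample assertion (unsigned, trimmed) carrying the slide 6 values.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
    ID="_constructed-example" IssueInstant="2005-03-15T12:00:00Z">
  <saml:Issuer>idp.com</saml:Issuer>
  <saml:Subject><saml:NameID>bob@example.com</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2005-03-15T12:00:00Z">
    <saml:AuthnContext><saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef></saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
"""

# Hypothetical in-memory form of a SAML condition; not the draft's XML syntax.
CONDITION = {
    "issuers": {"idp.com"},
    "subjects": {"bob@example.com"},
    "authn_methods": {PPT},
}

def assertion_properties(xml_text):
    """Return (issuer, subject, authentication methods) of a SAML 2.0 assertion."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"] or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 assertion")
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    subject = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    refs = root.iterfind("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    methods = {el.text.strip() for el in refs if el.text}
    return issuer, subject, methods

def saml_condition_matches(condition, xml_text):
    """True only if issuer, subject and one authentication method are all acceptable.
    Assumption: signature, validity period and audience were checked before this step."""
    try:
        issuer, subject, methods = assertion_properties(xml_text)
    except (ET.ParseError, ValueError):
        return False  # fail closed on malformed or non-SAML input
    return (issuer in condition["issuers"]
            and subject in condition["subjects"]
            and bool(methods & condition["authn_methods"]))
```

An empty set in the condition matches nothing, so an incomplete policy denies rather than permits.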

7 saml-policy open issues
1) SAML assertions with authorization decision statements
2) SAML assertions with attribute statements
3) Alignment with Common Policy markup language
4) Security Considerations
5) IANA considerations

