1. SAML in Authorization Policies draft-guenther-geopriv-saml-policy-01

2. SAML  Security Assertion Markup Language  XML language to exchange security information  Example of SAML assertion:  SAML Version 2: OASIS standard (March, 2005) „Assertion Issuer I has authenticated Assertion Subject S using Authentication Method M“

3. saml-policy draft  common-policy:  policy rule = (conditions, actions, transformations)  saml-policy:  support for SAML assertions as conditions  This means, support for policy rules such as  saml-policy extends common-policy framework in the same way as geopriv-policy does „If Assertion Issuer I has issued a SAML assertion assuring that the Assertion Subject S has been authenticated by means of Authentication Method M, then S is permitted to...“

4. Basic Scenario +-------------+ 1: Authentication +------------+ | | | Asserting | | Subject (S) | | Party | | |<------------------| (AP) | +-------------+ 2: SAML Assertion +------------+ | 3:| Service Request | + Assertion v +-------------+ +------------+ | Relying | 4: Policy | Policy | | Party |<------------------| Server | | (RP) | | (PS) | +-------------+ +------------+

5. I-D version 01  element  to replace 'anyType' child element of  specifies properties that a SAML assertion must satisfy in order to make the SAML condition match  To date, these properties are:  Which Assertion Issuers are acceptable?  defined  For which Assertion Subjects (=Requestors)?  defined  Which Authentication Methods are acceptable?  defined

6. example idp.com bob@example.com urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

7. saml-policy open issues 1)SAML assertions with authorization decision statements 2)SAML assertions with attribute statements 3)Alignment with Common Policy markup language 4)Security Considerations 5)IANA considerations