SAML Interoperability Lab RSA Conference 2004

Upload: ethel-waters

Post on 20-Jan-2018

TRANSCRIPT

Page 1: SAML Interoperability Lab RSA Conference 2004. Agenda SAML and the OASIS SSTC SAML Timeline Brief SAML…

SAML Interoperability Lab

RSA Conference

2004

Agenda

SAML and the OASIS SSTC

SAML Timeline

Brief SAML History

SAML Interop Lab

Q & A

Demo

SAML and the OASIS SSTC

SAML: Security Assertion Markup Language

— A framework for the exchange of security-related information

Developed within OASIS, a non-profit with a standards creation mission

— http://www.oasis-open.org

The OASIS Security Services Technical Committee (SSTC) manages the development of SAML

Any OASIS member can participate in the SSTC

— ~35 active SSTC voting members (up from V1.1)

— 20+ companies and organizations

Brief SAML History

SAML is a success because its development was and continues to be driven by real business use cases

— Web SSO

— Authorization Services

— Distributed Transactions

Very strong “coopetition”

Focus, focus, focus!

— Very careful prioritization of work items

SAML solutions:

— Save $$$

— Create new business opportunities

SAML Timeline

SAML 1.0: Completed May 2002, OASIS Standard Nov 2002

SAML 1.1: Completed May 2003, OASIS Standard Sep 2003

LA 1.1: January 2003

ID-FF 1.2: October 2003

Shibboleth: 1H 2003

Formally submitted to the SSTC

SAML 2.0: mid-2004

LA: Liberty Alliance

ID-FF: Identity Federation Framework

SAML Interop Lab Participants

12 Participants

— Computer Associates

— DataPower Technology

— Entegrity Solutions

— Entrust

— GSA/Enspier Technologies

— Hewlett-Packard

— Oblix

— OpenNetwork

— Ping Identity

— RSA Security

— Sun Microsystems

— Trustgenix

GSA Sponsorship

— eGov eAuthentication Initiative

SAML Interop Lab Overview

3 Days of Interop Testing

Web SSO Interoperability

— 2 Demos: “eAuthentication” and “generic SAML”

— 3 Web Sites

• Portal

• Identity Provider - where you log in

• Service Provider - where an application lives

— 2 SAML Web SSO “Profiles”

• Browser/Artifact Profile (10 vendors)

• Browser/POST Profile (8 vendors)

Attribute Query for web service authorization (1 scenario)

Results in ~100 test cases!

SAML Interop Lab Web SSO Demo

Focus on eAuthentication Architecture

Demonstrate 3-site exchanges

1. Visit Portal

2. Choose an application site and a user logon site

3. Logon with username/password

4. Web SSO to the chosen application

5. Re-visit portal to choose another application

6. Web SSO to next application without re-authenticating

Note the application customization based on user attributes obtained from the logon site

Wrapup

Questions?

On to the demo!

Browser/Artifact Profile

[Diagram: numbered message flow (steps 1 to 9) among the Browser, the Identity Provider Web Site and the Service Provider Web Site. Components shown: Application Portal, Authentication Authority, Inter-Site Transfer Service, SOAP Binding Service, Artifact Receiver Service, Remote Application, Access Check. Message labels shown: Access Identity Provider, Credential Challenge, User Login, Display Remote Application Links, Select Remote Application, Redirect with SAML Artifact, SAML Request, SAML Response, Redirect to Destination + cookie.]

Browser/POST Profile

[Diagram: numbered message flow (steps 1 to 8) among the Browser, the Identity Provider Web Site and the Service Provider Web Site. Components shown: Application Portal, Authentication Authority, Inter-Site Transfer Service, Assertion Consumer Service, Remote Application, Access Check. Message labels shown: Access Identity Provider, Credential Challenge, User Login, Display Remote Application Links, Select Remote Application, POST Form with Response & Assertion, SAML Response with Assertion in HTTP Form, Redirect to Destination + cookie.]