SAML Interoperability Lab
RSA Conference
2004
Agenda
SAML and the OASIS SSTC
SAML Timeline
Brief SAML History
SAML Interop Lab
Q & A
Demo
SAML and the OASIS SSTC
SAML: Security Assertion Markup Language
— A framework for the exchange of security-related information
Developed within OASIS, a non-profit with a standards creation mission
— http://www.oasis-open.org
The OASIS Security Services Technical Committee (SSTC) manages the development of SAML
Any OASIS member can participate in the SSTC
— ~35 active SSTC voting members (up from V1.1)
— 20+ companies and organizations
Brief SAML History
SAML is a success because its development was and continues to be driven by real business use cases
— Web SSO
— Authorization Services
— Distributed Transactions
Very strong “coopetition”
Focus, focus, focus!
— Very careful prioritization of work items
SAML solutions:
— Save $$$
— Create new business opportunities
SAML Timeline
SAML 1.0: Completed May 2002; OASIS Standard Nov 2002
SAML 1.1: Completed May 2003; OASIS Standard Sep 2003
LA 1.1: January 2003
ID-FF 1.2: October 2003
Formally submitted to the SSTC
SAML 2.0: mid-2004
LA: Liberty Alliance
ID-FF: Identity Federation Framework
SAML Interop Lab Participants
12 Participants
— Computer Associates
— DataPower Technology
— Entegrity Solutions
— Entrust
— GSA/Enspier Technologies
— Hewlett-Packard
— Oblix
— OpenNetwork
— Ping Identity
— RSA Security
— Sun Microsystems
— Trustgenix
GSA Sponsorship
— eGov eAuthentication Initiative
SAML Interop Lab Overview
3 Days of Interop Testing
Web SSO Interoperability
— 2 Demos: “eAuthentication” and “generic SAML”
— 3 Web Sites
• Portal
• Identity Provider - where you log in
• Service Provider - where an application lives
— 2 SAML Web SSO “Profiles”
• Browser/Artifact Profile (10 vendors)
• Browser/POST Profile (8 vendors)
Attribute Query for web service authorization (1 scenario)
Results in ~100 test cases!
SAML Interop Lab Web SSO Demo
Focus on eAuthentication Architecture
Demonstrate 3-site exchanges
1. Visit Portal
2. Choose an application site and a user logon site
3. Logon with username/password
4. Web SSO to the chosen application
5. Re-visit portal to choose another application
6. Web SSO to next application without re-authenticating
Note the application customization based on user attributes obtained from the logon site
Wrapup
Questions?
On to the demo!
Browser/Artifact Profile
[Diagram: Browser; Identity Provider Web Site (Application Portal, Authentication Authority, Inter-Site Transfer Service, SOAP Binding Service, Access Check); Service Provider Web Site (Artifact Receiver Service, Remote Application, Access Check)]
1. Access Identity Provider
2. Credential Challenge
3. User Login
4. Display Remote Application Links
5. Select Remote Application
6. Redirect with SAML Artifact (Inter-Site Transfer Service to Artifact Receiver Service)
7. SAML Request / SAML Response (Artifact Receiver Service and SOAP Binding Service)
8. Redirect to Destination + cookie
9. Access Check, then Remote Application
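Steps 6 to 9 of the Browser/Artifact exchange above, as an added example that is not part of the original deck or of any participant's product: a simulated identity provider and service provider using the SAML 1.x type-1 artifact layout (2-byte type code, 20-byte SourceID, 20-byte assertion handle). The site identifiers, the in-memory pending-artifact table and the dictionary that stands in for the SOAP call to the issuing site are assumptions of this example.

```python
import base64, hashlib, secrets, time
TYPE_CODE = b"\x00\x01"  # SAML 1.x type 1 artifact: 2-byte type + 20-byte SourceID + 20-byte handle
def source_id(site_id: str) -> bytes:
    """SourceID as in SAML 1.x: the 20-byte SHA-1 of the identity provider's identifier."""
    return hashlib.sha1(site_id.encode()).digest()

def parse_artifact(artifact_b64: str):
    """Return (source_id, assertion_handle), or None if the artifact is malformed."""
    try:
        raw = base64.b64decode(artifact_b64, validate=True)
    except ValueError:
        return None
    if len(raw) != 42 or raw[:2] != TYPE_CODE:
        return None
    return raw[2:22], raw[22:]

class IdentityProvider:
    """Hypothetical IdP site: Inter-Site Transfer Service and SOAP Binding Service (assumed API)."""
    def __init__(self, site_id: str, ttl: float = 300.0):
        self.sid, self.ttl, self.pending = source_id(site_id), ttl, {}  # handle -> (assertion, expiry)
    def inter_site_transfer(self, subject: str, target: str) -> str:
        """Step 6: mint a one-time artifact to carry in the redirect to the service provider."""
        handle = secrets.token_bytes(20)
        self.pending[handle] = ({"subject": subject, "audience": target}, time.time() + self.ttl)
        return base64.b64encode(TYPE_CODE + self.sid + handle).decode()
    def soap_binding(self, artifact_b64: str):
        """Step 7: answer the SP's SAML Request; the handle is consumed, so a replay resolves to nothing."""
        parsed = parse_artifact(artifact_b64)
        if parsed is None or parsed[0] != self.sid:
            return None
        entry = self.pending.pop(parsed[1], None)
        if entry is None or entry[1] < time.time():
            return None
        return entry[0]

class ServiceProvider:
    """Hypothetical SP site: Artifact Receiver Service plus the access check (assumed API)."""
    def __init__(self, name: str, trusted: dict):
        self.name, self.trusted = name, trusted  # trusted: SourceID -> IdP, stands in for the SOAP call
    def artifact_receiver(self, artifact_b64: str):
        """Steps 7-9: look up the issuer by SourceID, resolve the artifact, check the audience."""
        parsed = parse_artifact(artifact_b64)
        idp = self.trusted.get(parsed[0]) if parsed else None
        if idp is None:
            return None  # unknown or untrusted source site
        assertion = idp.soap_binding(artifact_b64)
        if assertion is None or assertion["audience"] != self.name:
            return None  # replayed, expired, or issued for another site
        return assertion["subject"]  # access check passed; the site would now set its session cookie
```

Resolving the same artifact twice fails on the second attempt, which is the property the interop scenarios rely on when a bookmarked or intercepted redirect URL is replayed.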
Browser/POST Profile
[Diagram: Browser; Identity Provider Web Site (Application Portal, Authentication Authority, Inter-Site Transfer Service, Access Check); Service Provider Web Site (Assertion Consumer Service, Remote Application, Access Check)]
1. Access Identity Provider
2. Credential Challenge
3. User Login
4. Display Remote Application Links
5. Select Remote Application
6. POST Form with Response & Assertion (from Inter-Site Transfer Service)
7. SAML Response with Assertion in HTTP Form (to Assertion Consumer Service)
8. Redirect to Destination + cookie, then Access Check and Remote Application