SAML CCOW Work Item

HL7 Working Group Meeting San Antonio - January 2008

Presented by:

David Staggs, JD CISSPVHA Office of Information

Standards

2

Introduction: What is SAML

SAML was discussed in the last sessionBriefly, Security Assertion Markup Language

(SAML) is an XML-based framework for exchanging security information. This security information is expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain.

3

Types of SAML Assertions

Authentication: The specified subject was authenticated by a particular means at a particular time

Attribute: The specified subject is associated with the supplied attributes

Authorization Decision: A request to allow the specified subject to access the specified resource has been granted or denied

4

Simple Type DecisionType

Permit The specified action is permitted

Deny The specified action is denied

Indeterminate The SAML authority cannot determine

whether the specified action is permitted or denied

5

Use of SAML with CCOW

USER APPLICATION CONTEXT MANAGER

6

Use of SAML with CCOW

APPLICATION CONTEXT MANAGER

Shared Secret

Digital Signature

SAML Assertion

7

Proposed Application-CM use of SAML

APPLICATION CONTEXT MANAGER

SAML Assertion(possibly cached)

SAML Authority

8

Reasons for SAML Adoption

Increasingly, applications will not authenticate against a private access control list,‡ instead users will authenticate against a SAML authority

Alternatively, authentication could be done by SAML service if parties “speak SAML”

Benefit: SAML provides centralized and dynamic control of access to enterprise assets

9

Uses for SAML in CCOW

SAML will provide:Applications and components participating in

the chain of trust are able to authenticate each other’s identity based on assertions

Context manager is able to ensure that the application or agent is among those allowed to set and/or get the subject’s data based on assertions (by assertion or reference)

Simplify creating a system that employs digital signatures for applications and components

10

Questions Regarding use of SAML

Will Authenticating applications still require encryption (for passing AuthN credentials to SAML authority) and integrity (for messages to CCOW CM)?

Method-based digital signatures as the basis for the chain of trust provides additional value of ensuring the integrity of any data communicated, will applications also need to support signing?

11

Uses for SAML AuthN User

In the chain of trust digital signatures (and corresponding keys) or shared secrets are not associated with a user, but rather with an application or component

However, one major design goal for SAML is Single Sign-On (SSO), the ability of a user to authenticate in one domain and use resources in other domains without re-authenticating. CCOW applications may increasingly be SAML clients.

12

Future User-Application use of SAML

USER APPLICATION (NEEDS TO BE SAML-

AWARE ANYWAY)

CONTEXT MANAGER

SAML AuthoritySSO

13

Some SAML Requirements

Applications (Apps) must identify themselves using an application-specific SAML assertionApps designated for User Authentication may

require additional assertions‡

Context manager must identify itself to Apps using a SAML assertion

Annotation Agents may need to interact with services using a SAML assertionShould information from services to AA be

expressed as SAML assertions?

14

Future Application-CM use of SAML

APPLICATION (CHANGING CONTEXT)

APPLICATION (CONTEXT

PARTICIPANT)

CONTEXT MANAGER

APPLICATION (CONTEXT

PARTICIPANT)

APPLICATION (CONTEXT

PARTICIPANT)

APPLICATION (CONTEXT

PARTICIPANT)

15

Schema Fragment Defining DecisionType

Does not include SAML header or transport protocol (e.g. SOAP)

16

Schema Fragment Defining AssertionType