SAML Interoperability Lab RSA Conference 2004

SAML Interoperability Lab

RSA Conference

2004

Agenda

SAML and the OASIS SSTC

SAML Timeline

Brief SAML History

SAML Interop Lab

Q & A

Demo

SAML and the OASIS SSTC

SAML: Security Assertion Markup Language

— A framework for the exchange of security-related information

Developed within OASIS, a non-profit with a standards creation mission

— http://www.oasis-open.org

The OASIS Security Services Technical Committee (SSTC) manages the development of SAML

Any OASIS member can participate in the SSTC

— ~35 active SSTC voting members (up from V1.1)

— 20+ companies and organizations

Brief SAML History

SAML is a success because its development was and continues to be driven by real business use cases

— Web SSO

— Authorization Services

— Distributed Transactions

Very strong “coopetition”

Focus, focus, focus!

— Very careful prioritization of work items

SAML solutions:

— Save $$$

— Create new business opportunities

SAML Timeline

SAML 1.0: Completed May 2002; OASIS Standard Nov 2002

SAML 1.1: Completed May 2003; OASIS Standard Sep 2003

LA 1.1: January 2003

ID-FF 1.2: October 2003

Shibboleth: 1H 2003

Formally submitted to the SSTC

SAML 2.0: mid-2004

LA: Liberty Alliance

ID-FF: Identity Federation Framework

SAML Interop Lab Participants

12 Participants

— Computer Associates

— DataPower Technology

— Entegrity Solutions

— Entrust

— GSA/Enspier Technologies

— Hewlett-Packard

— Oblix

— OpenNetwork

— Ping Identity

— RSA Security

— Sun Microsystems

— Trustgenix

GSA Sponsorship

— eGov eAuthentication Initiative

SAML Interop Lab Overview

3 Days of Interop Testing

Web SSO Interoperability

— 2 Demos: “eAuthentication” and “generic SAML”

— 3 Web Sites

• Portal

• Identity Provider - where you log in

• Service Provider - where an application lives

— 2 SAML Web SSO “Profiles”

• Browser/Artifact Profile (10 vendors)

• Browser/POST Profile (8 vendors)

Attribute Query for web service authorization (1 scenario)

Results in ~100 test cases!

SAML Interop Lab Web SSO Demo

Focus on eAuthentication Architecture

Demonstrate 3-site exchanges

1. Visit Portal

2. Choose an application site and a user logon site

3. Logon with username/password

4. Web SSO to the chosen application

5. Re-visit portal to choose another application

6. Web SSO to next application without re-authenticating

Note the application customization based on user attributes obtained from the logon site

Wrapup

Questions?

On to the demo!

Browser/Artifact Profile

[Diagram: message flow, steps 1 to 9, among the Browser, the Application Portal, the Identity Provider Web Site and the Service Provider Web Site. Components shown: Inter-Site Transfer Service, Authentication Authority, SOAP Binding Service, Artifact Receiver Service, Remote Application. Flow labels: Access Identity Provider; Credential Challenge; User Login; Display Remote Application Links; Select Remote Application; Access Check; Redirect with SAML Artifact; SAML Request; SAML Response; Redirect to Destination + cookie.]

Browser/POST Profile

[Diagram: message flow, steps 1 to 8, among the Browser, the Application Portal, the Identity Provider Web Site and the Service Provider Web Site. Components shown: Inter-Site Transfer Service, Authentication Authority, Assertion Consumer Service, Remote Application. Flow labels: Access Identity Provider; Credential Challenge; User Login; Display Remote Application Links; Select Remote Application; Access Check; POST Form with Response & Assertion; SAML Response with Assertion in HTTP Form; Redirect to Destination + cookie.]