SAML (Security Assertion Markup Language)
Posted by Swapna K M – M & E Team (from MphasiS Software Services)
What is SAML?
SAML is an XML-based framework for communicating user authentication,
authorization, entitlement and attribute information.
SAML defines XML-based assertions and protocols, bindings, and profiles. The
SAML protocol refers to what is transmitted, not how; the latter is determined
by the choice of binding. SAML Core therefore defines "bare" SAML assertions
along with the SAML request and response elements.
SAML provides three types of statements: authentication statements, attribute
statements and authorization decision statements.
Why is SAML required?
1. Limitations of Browser cookies
Most existing Single-Sign On products use browser cookies to maintain state so
that re-authentication is not required. Browser cookies are not transferred
between DNS domains. So, if you obtain a cookie from www.abc.com, then that
cookie will not be sent in any HTTP messages to www.xyz.com. This could even
apply within an organization that has separate DNS domains. Solving the
Cross-Domain SSO (CDSSO) problem therefore requires a different technology, and
every SSO product solves it with its own technique.
2. SSO Interoperability
How products implement SSO and CDSSO is completely proprietary. If your
organization wants to perform SSO across different DNS domains within the same
organization, or wants to perform CDSSO with trading partners, then it has to use
the same SSO product in all the domains.
3. Web Services
Security within Web Services is still being defined. Most of the focus has been
on how to provide confidentiality and authentication/integrity services on an
end-to-end basis. The SAML standard provides the means by which authentication
and authorization assertions can be exchanged between communicating parties.
4. Federation
Federation addresses the need to simplify identity management across
organizational boundaries, allowing users to consolidate many local identities
into a single Federated Identity (or at least a reduced set of them).
How does it work?
1. The end user's browser accesses the authentication server, which asks for a
user ID and password.
2. The end user enters the ID and password. The authentication server checks
them against the LDAP directory and authenticates the end user.
3. The end user requests a resource from the destination/Web services server.
The authentication server opens a session with the destination server.
4. The authentication server sends a uniform resource identifier (URI) to the
end user. The end user's browser is redirected to that URI, which connects the
end user to the Web service.
Further References
http://en.wikipedia.org/wiki/SAML
http://xml.coverpages.org/saml.html