1 / 11

SAML Interoperability Lab

RSA Conference 2004. SAML Interoperability Lab. Agenda. SAML and the OASIS SSTC SAML Timeline Brief SAML History SAML Interop Lab Q & A Demo. SAML and the OASIS SSTC. SAML: Security Assertion Markup Language A framework for the exchange of security-related information

ckeegan
Télécharger la présentation

SAML Interoperability Lab

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RSA Conference 2004 SAML Interoperability Lab

  2. Agenda • SAML and the OASIS SSTC • SAML Timeline • Brief SAML History • SAML Interop Lab • Q & A • Demo

  3. SAML and the OASIS SSTC • SAML: Security Assertion Markup Language • A framework for the exchange of security-related information • Developed within OASIS, a non-profit with a standards creation mission • http://www.oasis-open.org • The OASIS Security Services Technical Committee (SSTC) manages the development of SAML • Any OASIS member can participate in the SSTC • ~35 active SSTC voting members (up from V1.1) • 20+ companies and organizations

  4. Brief SAML History • SAML is a success because its development was and continues to be driven by real business use cases • Web SSO • Authorization Services • Distributed Transactions • Very strong “coopetition” • Focus, focus, focus! • Very careful prioritization of work items • SAML solutions: • Save $$$ • Create new business opportunities

  5. SAML Timeline Formally submitted to the SSTC SAML 2.0mid-2004 ID-FF 1.2October 2003 Shibboleth1H 2003 LA 1.1January 2003 SAML 1.1Completed: May 2003OASIS Standard: Sep 2003 SAML 1.0Completed: May 2002OASIS Standard: Nov 2002 LA: Liberty Alliance ID-FF: Identity Federation Framework

  6. 12 Participants Computer Associates DataPower Technology Entegrity Solutions Entrust GSA/Enspier Technologies Hewlett-Packard GSA Sponsorship eGov eAuthentication Initiative Oblix OpenNetwork Ping Identity RSA Security Sun Microsystems Trustgenix SAML Interop Lab Participants

  7. SAML Interop Lab Overview • 3 Days of Interop Testing • Web SSO Interoperability • 2 Demos: “eAuthentication” and “generic SAML” • 3 Web Sites • Portal • Identity Provider - where you log in • Service Provider - where an application lives • 2 SAML Web SSO “Profiles” • Browser/Artifact Profile (10 vendors) • Browser/POST Profile (8 vendors) • Attribute Query for web service authorization (1 scenario) • Results in ~100 test cases!

  8. SAML Interop Lab Web SSO Demo • Focus on eAuthentication Architecture • Demonstrate 3-site exchanges • Visit Portal • Choose an application site and a user logon site • Logon with username/password • Web SSO to the chosen application • Re-visit portal to choose another application • Web SSO to next application without re-authenticating • Note the application customization based on user attributes obtained from the logon site

  9. Wrapup • Questions? • On to the demo!

  10. Browser/Artifact Profile

  11. Browser/POST Profile

More Related