SAML 2.1 Building on Success

Outline

- Summary of SAML 2.0
- Work done since 2.0
- Objectives of SAML 2.1
- Proposed Task List
- Undecided Issues
- Invitation to Participate

Status Overview

- SAML 2.0 - OASIS Standard - March 2005
- ITU-T Rec. X.1141 – June 2006
- Work since 2005 has consisted of defining additional Profiles
  - 3 OASIS Standards
  - 24 Committee Specifications
  - 1 Committee Draft
- Errata & Updated Technical Overview

SAML Deployments

- Do we need to say something about successful deployments of SAML here?

SAML 2.0 Specifications

- Conformance Requirements: Required “Operational Modes” for SAML implementations
- Assertions and Protocols: The “Core” specification
- Bindings: Maps SAML messages onto common communications protocols
- Profiles: “How-to’s” for using SAML to solve specific business problems
- Metadata: Configuration data for establishing agreements between SAML entities
- Authentication Context: Detailed descriptions of user authentication mechanisms
- Security and Privacy Considerations: Security and privacy analysis of SAML 2.0
- Glossary: Terms used in SAML 2.0

Post 2.0 Profiles by Category

Category                 Number of Profiles
Metadata                 7
Attributes               2
Holder-of-Key            2
Deployment               2
New Protocols            4
Authentication Context   3
Kerberos                 3
Other                    5

Errata and Non-normative

- Approved Errata
  - Official under OASIS TC process
- SAML 2.0 Technical Overview
  - Greatly improved
  - Many diagrams, use cases, etc.

SAML 2.1 Objectives

- Make specifications easier to use
- Retain backward compatibility
- Improve specification quality
- Make small improvements

Improve Usability

- Apply errata
- Remove deprecated text
- Provide everything needed to implement a component (e.g. SP) in one place
- Provide detailed guidance on how to counter threats

Backward Compatibility

- Retain formats, protocols, namespaces, except to correct errors
- Retain interoperability with deployed implementations
  - Where not possible, minimize and clearly identify differences
- Retain Version="2.0" in XML

Improve Specification Quality

- Incorporate popular Profiles in core
- Update normative references
  - e.g. XML Signature
- Re-factor Conformance Requirements
- Better integration of Metadata
  - Some Metadata support mandatory

Uncommitted Work

- Add minor extension Profiles to core
- Improved SSO based on field experience
- Use HTML5 features
- Additional session semantics
- Limited unlinkability between SP and IDP
- Emphasize data format compatibility
- Remove unused features

Get Involved

- An opportunity to influence the future of SAML
- Resolve issues your organization has with SAML
- Join the Security Services TC
  - All work available online and by email
  - Telephone meetings alternate Tuesdays 12:00 PM ET

Questions?