SAML 2.1: Building on Success

Outline
Summary of SAML 2.0
Work done since 2.0
Objectives of SAML 2.1
Proposed Task List
Undecided Issues
Invitation to Participate
Status Overview
SAML 2.0: OASIS Standard, March 2005; ITU-T Rec. X.1141, June 2006
Work since 2005 has consisted of defining additional Profiles: 3 OASIS Standards, 24 Committee Specifications, 1 Committee Draft
Errata and Updated Technical Overview
SAML Deployments
Do we need to say something about successful deployments of SAML here?
SAML 2.0 Specifications
Conformance Requirements: Required “Operational Modes” for SAML implementations
Assertions and Protocols: The “Core” specification
Bindings: Maps SAML messages onto common communications protocols
Profiles: “How-to’s” for using SAML to solve specific business problems
Metadata: Configuration data for establishing agreements between SAML entities
Authentication Context: Detailed descriptions of user authentication mechanisms
Security and Privacy Considerations: Security and privacy analysis of SAML 2.0
Glossary: Terms used in SAML 2.0
Post 2.0 Profiles by Category
Category Number of Profiles
Metadata 7
Attributes 2
Holder-of-Key 2
Deployment 2
New Protocols 4
Authentication Context 3
Kerberos 3
Other 5
Errata and Non-normative
Approved Errata: official under the OASIS TC process
SAML 2.0 Technical Overview: greatly improved, with many diagrams, use cases, etc.
SAML 2.1 Objectives
Make specifications easier to use
Retain backward compatibility
Improve specification quality
Make small improvements
Improve Usability
Apply errata
Remove deprecated text
Provide everything needed to implement a component (e.g. SP) in one place
Provide detailed guidance on how to counter threats
Backward Compatibility
Retain formats, protocols, namespaces, except to correct errors
Retain interoperability with deployed implementations
Where not possible, minimize and clearly identify differences
Retain Version=“2.0” in XML
Improve Specification Quality
Incorporate popular Profiles in core
Update normative references, e.g. XML Signature
Re-factor Conformance Requirements
Better integration of Metadata: some Metadata support mandatory
Uncommitted Work
Add minor extension Profiles to core
Improved SSO based on field experience
Use HTML5 features
Additional session semantics
Limited unlinkability between SP and IDP
Emphasize data format compatibility
Remove unused features
Get Involved
An opportunity to influence the future of SAML
Resolve issues your organization has with SAML
Join the Security Services TC
All work available online and by email
Telephone meetings alternate Tuesdays, 12:00 PM ET
Questions?