Using SAML with WS-Security

Previous page
Table of content
Next page
 <  Day Day Up  >  

SAML profiles are like documented processes that define patterns of SAML usage needed to secure a resource. Like Pretty Good Privacy (PGP), SAML is designed to work without a centralized certificate authority. This is why SAML is the basis for Liberty Alliance's federated identity system, which we describe in the next section.

Note that SAML assumes the resource owner trusts the SAML authorities and these authorities know the subject requesting an SAML security assertion. Transactions between two parties that do not know each other still need a trusted third party. In such cases, WS-Security needs to use XKMS instead of SAML.

The detailed introduction to WS-Security is still to come in the next chapter. Knowing that WS-Security is basically security extensions to SOAP is sufficient understanding to explore how SAML fits into WS-Security here.

The WS-Security SAML Profile

WS-Security defines an SAML profile (but confusingly calls it the WS-Security SAML binding) for securing SOAP messages. The WS-Security profile of SAML is based on a single interaction between a sender and a receiver. The sender is a Web service consumer who obtains one or more SAML assertions. Next, the sender adds the assertions to a SOAP message destined for the receiver (a Web service provider). The receiver processes the assertions present in the SOAP message. As with the SAML profile for SOAP, with the WS-Security SAML profile, the SAML assertion about the SOAP message is included as part of the SOAP header.

SAML is just one of the security tokens defined by WS-Security. A good way to think about WS-Security is that it is a specification that takes XML security (XML Encryption and XML Signature); links that with pre-existing security technologies that it calls tokens, such as X.509, Kerberos, and SAML; and binds it all to SOAP so that it can become part of a secure Web service interaction.

You attach SAML assertions to SOAP messages using WS-Security by placing assertion elements or references to assertions inside a <wsse:Security> header. Listing 6.12 illustrates a SOAP message containing an SAML assertion in a <wsse:Security> header.

Listing 6.12. A SOAP Message with a <wsse:Security> Header Using a <saml:Assertion> Security Token 
 <S:Envelope xmlns:S="...">   <S:Header>     <wsse:Security xmlns:wsse="...">       <saml:Assertion         MajorVersion="1"         MinorVersion="0"         AssertionID="SecurityToken-ef375268"         Issuer="jothy"         IssueInstant="2002-07-23T11:32:05.6228146-07:00"         xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">       ...     </saml:Assertion>       ...     </wsse:Security>   </S:Header>   <S:Body>     ...   </S:Body> </S:Envelope>

 <  Day Day Up  >  

Previous page
Table of content
Next page
Securing Web Services with WS-Security. Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
ISBN: 0672326515
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Jothy Rosenberg, David Remy
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
The CISSP and CAP Prep Guide: Platinum Edition
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
The Lean Six Sigma Pocket Toolbook. A Quick Reference Guide to Nearly 100 Tools for Improving Process Quality, Speed, and Complexity
Cultural Imperative: Global Trends in the 21st Century
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy