Summary


This chapter provided your introduction to SAML. SAML addresses the problem of transporting identity and, in so doing, creates the notion of portable trust. This concept is important because the Web, and Web services more particularly, connect organizations that do not share a trust domain. Having different trust domains means that different users are known to each organization, and different rules and processes exist to establish who the users are and what they are allowed to do. Portable trust introduces the concept of trust assertions: claims about an identity, called a Subject, that an issuing authority makes and vouches for, and that a relying party in another trust domain decides whether to accept.

SAML consists of three XML-based mechanisms: assertions, a request/response protocol, and a set of bindings. An assertion carries one or more statements, and there are three kinds of statement: authentication, attribute, and authorization decision. The SAML protocol is a request/response protocol with one query type per kind of statement: an authentication query, an attribute query, or an authorization decision query each elicits a SAML protocol response carrying the matching assertions. For each kind of statement there can be an independent authority: an authentication authority, an attribute authority, and a policy decision point that issues authorization decisions, with enforcement left to the service that receives the assertion.

Eventually, there will be multiple SAML bindings, but at the time of writing the specification defines only one, SOAP over HTTP, which conforming implementations must support. In this binding, the SAML request or response is carried in the SOAP body.

SAML profiles describe how SAML assertions are carried in, and secured by, a particular protocol or message format. The browser profiles (Browser/Artifact and Browser/POST) cover the case where a Web browser carries an assertion, or a reference to one, between sites; the SOAP profile covers the case where the assertion is a SOAP payload. WS-Security specifies a SAML profile as well.

A SAML assertion is one of the security token types defined by WS-Security. In the WS-Security SAML Token Profile, an assertion is attached to a SOAP message by placing it inside the wsse:Security SOAP header. Placing it there does nothing by itself to prove the assertion is genuine: the relying party must still verify the signature over the assertion (or over the header that carries it) before trusting anything the assertion says.
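The following is an added example, not code from the book, that ties the two preceding paragraphs together: it builds a constructed SOAP envelope whose wsse:Security header carries a SAML 1.1 assertion with all three statement types, pulls the assertion out of the header, and performs the checks a relying party makes before accepting it (trusted issuer, validity window, audience restriction, one consistent subject). The issuer, hostnames and AssertionID are made up, and the example assumes signature verification has already been done by the XML Signature code from the previous chapter; with the sender-vouches confirmation method shown, the relying party is trusting the sender of the message to vouch for the subject.

```python
import xml.etree.ElementTree as ET  # for untrusted input prefer defusedxml, which blocks entity-expansion attacks
from datetime import datetime, timezone

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"soap": SOAP_NS, "wsse": WSSE_NS, "saml": SAML_NS}

# Constructed sample (not a captured message): a SOAP request whose wsse:Security header
# carries one SAML 1.1 assertion with authentication, attribute and authorization decision
# statements. Issuer, hosts and the AssertionID are invented for the example.
SAMPLE_ENVELOPE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
   <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1"
       AssertionID="_7e2c4c8a" Issuer="https://idp.example.com" IssueInstant="2004-05-01T12:00:00Z">
    <saml:Conditions NotBefore="2004-05-01T12:00:00Z" NotOnOrAfter="2004-05-01T12:05:00Z">
     <saml:AudienceRestrictionCondition>
      <saml:Audience>https://sp.example.com/orders</saml:Audience>
     </saml:AudienceRestrictionCondition>
    </saml:Conditions>
    <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
        AuthenticationInstant="2004-05-01T11:59:30Z">
     <saml:Subject><saml:NameIdentifier>alice@example.com</saml:NameIdentifier>
      <saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation>
     </saml:Subject>
    </saml:AuthenticationStatement>
    <saml:AttributeStatement>
     <saml:Subject><saml:NameIdentifier>alice@example.com</saml:NameIdentifier></saml:Subject>
     <saml:Attribute AttributeName="role" AttributeNamespace="https://idp.example.com/attrs">
      <saml:AttributeValue>purchasing-agent</saml:AttributeValue>
     </saml:Attribute>
    </saml:AttributeStatement>
    <saml:AuthorizationDecisionStatement Resource="https://sp.example.com/orders" Decision="Permit">
     <saml:Subject><saml:NameIdentifier>alice@example.com</saml:NameIdentifier></saml:Subject>
     <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Write</saml:Action>
    </saml:AuthorizationDecisionStatement>
   </saml:Assertion>
  </wsse:Security>
 </soap:Header>
 <soap:Body><PlaceOrder xmlns="https://sp.example.com/orders"><sku>A-100</sku></PlaceOrder></soap:Body>
</soap:Envelope>"""


def extract_assertions(envelope_xml):
    """Return the saml:Assertion elements found in the wsse:Security header of a SOAP envelope."""
    root = ET.fromstring(envelope_xml)
    return root.findall("soap:Header/wsse:Security/saml:Assertion", NS)


def parse_time(value):
    """SAML 1.1 timestamps are xsd:dateTime in UTC, written with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(assertion, trusted_issuers, audience, now):
    """Relying-party checks on one assertion (signature verification assumed already done).
    Returns the facts the issuer vouches for; raises ValueError if the assertion must be rejected."""
    issuer = assertion.get("Issuer")
    if issuer not in trusted_issuers:
        raise ValueError(f"untrusted issuer {issuer!r}")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("no Conditions: refusing an assertion with no validity window")
    # NotBefore is inclusive, NotOnOrAfter is exclusive.
    if not (parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion is outside its validity window")
    audiences = {a.text for a in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)}
    if audiences and audience not in audiences:
        raise ValueError(f"assertion is not intended for audience {audience!r}")
    facts = {"issuer": issuer, "subject": None, "auth_method": None, "attributes": {}, "decisions": []}
    subjects = set()
    for stmt in assertion:  # children are Conditions, optional Advice, then the statements
        kind = stmt.tag.rsplit("}", 1)[-1]
        if not kind.endswith("Statement"):
            continue
        name_id = stmt.find("saml:Subject/saml:NameIdentifier", NS)
        if name_id is not None:
            subjects.add(name_id.text)
        if kind == "AuthenticationStatement":
            facts["auth_method"] = stmt.get("AuthenticationMethod")
        elif kind == "AttributeStatement":
            for attr in stmt.findall("saml:Attribute", NS):
                facts["attributes"][attr.get("AttributeName")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        elif kind == "AuthorizationDecisionStatement":
            facts["decisions"].append((stmt.get("Resource"), stmt.get("Decision")))
    if len(subjects) != 1:  # every statement must be about the same subject
        raise ValueError("statements do not all name one subject")
    facts["subject"] = subjects.pop()
    return facts


def accept(envelope_xml, trusted_issuers, audience, now):
    """Extract the assertion from the header and validate it. Returns (True, facts) or (False, reason)."""
    assertions = extract_assertions(envelope_xml)
    if len(assertions) != 1:
        return False, f"expected one assertion, found {len(assertions)}"
    try:
        return True, validate_assertion(assertions[0], trusted_issuers, audience, now)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    print(accept(SAMPLE_ENVELOPE, {"https://idp.example.com"}, "https://sp.example.com/orders",
                 parse_time("2004-05-01T12:01:00Z")))
```

Each of the rejection branches corresponds to a real failure mode: an assertion replayed after its five-minute window, an assertion minted for one service and presented to another, or an assertion from an issuer the federation never agreed to trust. The `now` argument is passed in explicitly so the checks can be tested at fixed points in time; in a live service it would be the current UTC time, with a small allowance for clock skew between the issuer and the relying party.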

The Liberty Alliance's Project Liberty is a major application of SAML. SAML is being used in Project Liberty to provide federated identity. Within a federation of connected organizations, trust is established such that when one organization authenticates a subject, the other organizations within that federation do not require re-authentication. This means that after authentication by one member, a subject can move freely around the federation, using services from all members. This capability is important for B2B Web services to successfully connect organizations into trusted value chains doing real business with each other.

With SAML, as well as XML Encryption and XML Signature under your belt, you are now ready to apply these fundamental security building blocks to building secure Web services. You are now ready to dive into WS-Security, the subject of Chapter 7.



Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption
ISBN: 0672326515
Year: 2004
Pages: 119
