WebApp Sec: Re: SAML implementation

Re: SAML implementation

From: Yuri Demchenko <demch_at_chello.nl>
Date: Wed, 09 Feb 2005 17:32:56 +0100

Rishi Pande wrote:

> I am not sure if this is the right place for this, but I am looking into
> implementing a SAML authority for one of the authentication products I
> work on. I haven't been able to find a good whitepaper on how to go
> about it, other than at Ping's SourceID but that does not explicitly
> mention any implementation discussions. Any leads are appreciated.

You may want to look at OpenSAML and Shibboleth implementations that
use SAML mostly for AuthN and Attribute handling.

Shibboleth is a very successful development by the Internet2 Middleware
initiative. So, you can find a lot of info there:
http://shibboleth.internet2.edu/
http://middleware.internet2.edu/

WS and Grid also define a standard AuthZ framework using SAML:

GFD.38 Conceptual Grid Authorization Framework and Classification.
http://www.ggf.org/documents/GWD-I-E/GFD-I.038.pdf

GT 3.9.4 Authorization Framework.
http://www-unix.globus.org/toolkit/docs/development/3.9.4/security/authzframe/

Note. SAML itself can be only a component of a complex AuthZ or AuthN
and identity management infrastructure. You will need to have AuthN/Z
services, Attribute and Policy authorities, user directories, key
management, etc.
But still SAML is a solution to provide a standard format for security
assertions that will allow you to implement message/document basic
security model.

For SAML 1.1 and SAML 2.0 internal structure and its relation to other
standards for AuthN and AuthZ and one more use case you can also look at this:

Using SAML and XACML for Authorisation assertions and messaging: SAML
and XACML standards overview and usage examples.
http://www.uazone.org/demch/analytic/draft-authz-xacml-saml-01.pdf
Received on Feb 09 2005
