saml 2 0 lecp solution proposal
play

SAML 2.0: LECP Solution Proposal Work Plan Item W-5a Frederick - PowerPoint PPT Presentation

Mar 02, 2024 •313 likes •469 views

SAML 2.0: LECP Solution Proposal Work Plan Item W-5a Frederick Hirsch 23 October 2003 Intent: Add an additional profile Web Browser Artifact Profile Web Browser POST Profile LECP Profile Use Case Mobile phone user accesses web

  1. SAML 2.0: LECP Solution Proposal Work Plan Item W-5a Frederick Hirsch 23 October 2003

  2. Intent: Add an additional profile ● Web Browser Artifact Profile ● Web Browser POST Profile ● LECP Profile

  3. Use Case ● Mobile phone user accesses web site for service ● Site requests authentication in HTTP response ● Client obtains authentication assertion from identity server it determines, e.g. mobile operator ● Client passes assertion to service provider ● Service provider returns response (Note: LECP may be client or proxy)

  4. Considerations ● Client (or proxy) determines appropriate identity provider ● Accommodate high-latency or unreliable networks – Minimize redirects ● Accommodate constrained devices – Limited or no cookie support – URL length limitations – Scripting limitations (e.g. ECMAScript not supported) ● Minimal impact on service providers

  5. Impact ● New profile document: LECP Profile ● Profile specific schema definitions – AuthnRequestEnvelope, AuthnResponseEnvelope – IDPList ● Core schema definitions – AuthnRequest, AuthnResponse

  6. LECP Profile ● HTTP request including liberty enabled client HTTP header ● HTTP response with AuthnRequest ● Client web services request containing AuthnRequest ● Web services response with AuthnResponse ● AuthnResponse in HTTP request to server ● Server HTTP response with service

  7. LECP Flow 200, 0K … 6 4 AuthnResponse 5 AuthnResponse SOAP HTTP GET 1 IDP LEC SP AuthnRequest SOAP 3 AuthnRequest 2

  8. AuthnRequestEnvelope ● AuthnRequest – the Liberty 1.1 authentication request ● ProviderId – Identifier for SP ● ProviderName – Human readable name for SP ● IDPList – list of IDPs acceptable to SP, optional information for LEC ● IsPassive – if “true”, do not interact with principal

  9. AuthnResponseEnvelope • AuthnResponseEnvelope • AuthnResponse • AssertionConsumerServiceURL – URL IDP anticipates based on MetaData

  10. LECP: Profile

  11. Schema elements ● AuthnRequest ● AuthnResponse ● AuthnRequestEnvelope ● IDPList ● AuthnResponseEnvelope

  12. Liberty 1.1/1.2 Changes Lib namespace changed ● AuthnRequest ● Added optional Extension element – Added support for Affiliations, optional AffiliationID element – Added NameIDPolicy, ProxyAuthn, IntroductionArtifact, consent attribute – Removed Federate element, ID attribute – Changed name of AuthnContext to RequestAuthnContext, moved related elements – to subelements AuthnResponse ● Added optional Extension element – Added optional consent attribute – Removed id attribute –

  13. Liberty 1.1/1.2 Changes AuthnRequestEnvelope ● Optional Extension element – IDPList ● Loc now required, previously optional – AuthnResponseEnvelope – no change ● Protocols & Schemas 1.2 ● https://www.projectliberty.org/specs/draft-lib-arch-protocols-schema-v1.2-17.pdf – Protocols & Schemas 1.1 ● https://www.projectliberty.org/specs/archive/v1_1/liberty-architecture-bindings-profiles-v1.1.pdf –

  14. Proposed Next Steps ● LECP Profile – Include LECP specific schema definitions ● Core schema changes – AuthnRequest, AuthnResponse

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel

A solution for Access Delegation based on SAML Ciro Formisano Ermanno Travaglino Isabel Matranga Access Delegation in distributed environments SAML 2.0 Condition to Delegate Implementation Future plans Access Delegation in distributed

666 views • 18 slides
Google<-SAML->Zscaler Integration Agenda n What is SAML? n AAA, Testing,

Google<-SAML->Zscaler Integration Agenda n What is SAML? n AAA, Testing,

Summer Webinar Series Google<-SAML->Zscaler Integration Dianne Dunlap (ddunlap@mcnc.org, 919-248-8439) Client Network Engineering Webinar Links: www.mcnc.org/cne-webinars Google<-SAML->Zscaler Integration Agenda n What is

899 views • 63 slides
WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest / Hungary Agenda Education & Research Identity Federations SAML Terminology Overview of SAML auth call flow WebRTC Identity model

1.09k views • 52 slides
SAML 1.1 and its uses in eduGAIN Stefan Winter <stefan.winter@restena.lu> 1 Outline

SAML 1.1 and its uses in eduGAIN Stefan Winter <stefan.winter@restena.lu> 1 Outline

Fondation RESTENA euroCAMP 04 April 2006 SAML 1.1 and its uses in eduGAIN Stefan Winter <stefan.winter@restena.lu> 1 Outline SAML 1.1 overview Abstract operations vs. SAML profile Abstract operations: changes since

165 views • 14 slides
www.farobel.com THE JRI+ 4 SOLUTION A Disruptive Proposal for the Future of Road and Highway

www.farobel.com THE JRI+ 4 SOLUTION A Disruptive Proposal for the Future of Road and Highway

www.farobel.com THE JRI+ 4 SOLUTION A Disruptive Proposal for the Future of Road and Highway Construction in the U.S. ACPA Mid Year Meeting - Jointing Task Force Chicago, June 22nd 2016 WHAT THEJRI+ 4 SOLUTION CAN DO FOR YOU? PRESENTING THE

276 views • 26 slides
Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID Terminology OpenID OpenID OpenID Consumer Identity Provider SAML 2.0 Terminology SAML 2.0 SAML 2.0 Service Provider Identity Provider What is

427 views • 16 slides
OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

Shib Shibbolet oleth Develo Developmen ent a t and Su d Supp pport Services t Services OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm, 7 May 2008 EuroCAMP, Stockholm, 7 May 2008 Shib

666 views • 20 slides
BID NO (PIC003/2020): REQUEST FOR PROPOSAL TO APPOINT A SUITABLY QUALIFIED BIDDER FOR THE

BID NO (PIC003/2020): REQUEST FOR PROPOSAL TO APPOINT A SUITABLY QUALIFIED BIDDER FOR THE

BID NO (PIC003/2020): REQUEST FOR PROPOSAL TO APPOINT A SUITABLY QUALIFIED BIDDER FOR THE PROVISION OF A LISTED INVESTMENT MANAGEMENT SOLUTION AND SUPPORT OF THE SOLUTION FOR A PERIOD OF TEN (10) YEARS AGENDA o WELCOME o ATTENDANCE REGISTER o

407 views • 13 slides
Proposal for a Category 5, Multi-Department Facility Presentation Outline Turn-Key Solution

Proposal for a Category 5, Multi-Department Facility Presentation Outline Turn-Key Solution

Proposal for a Category 5, Multi-Department Facility Presentation Outline Turn-Key Solution Project Background Building Benefits/Features 1. Location 2. Site Plan 3. Category 5 Construction 4. Power 5. Call Center Specs

478 views • 15 slides
Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing

Updates Jicofo Authentication : Saml v2 Multibridge support Load balancing LastN Nightly support Statistics and logging system News Atlassian has just acquired Blue Jimp, Jitsi will continue to evolve as an

795 views • 17 slides
Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri Demchenko, Leon Gommans, Cees de Laat System and Network Engineering Group University of Amsterdam POLICY2007 Workshop 13-15 June 2007, Bologna Outline

532 views • 25 slides
Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos & SAML John Hughes, Entegrity Solutions Tim

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos & SAML John Hughes, Entegrity Solutions Tim

Oasis SSTC F2F 4 th Feb 2004 W25 - Kerberos & SAML John Hughes, Entegrity Solutions Tim Alsop, CyberSafe Limited Current Document Progress Two documents : Generalised AuthnRequest Profiles Working Draft 02, 1st February 2004

239 views • 7 slides
Exploring the SAML 2.0 ECP-Profile Development of a client and a service provider prototype

Exploring the SAML 2.0 ECP-Profile Development of a client and a service provider prototype

Technology programme, http://tek.hip.fi Exploring the SAML 2.0 ECP-Profile Development of a client and a service provider prototype Carolina Lindqvist HIP summer student at CERN carolina.lindqvist[at]cs.helsinki.fi

365 views • 14 slides
Lawnmower Exchange 2019 Proposal 1. The Problem 2. The Solution 3. Program Recommendations:

Lawnmower Exchange 2019 Proposal 1. The Problem 2. The Solution 3. Program Recommendations:

Lawnmower Exchange 2019 Proposal 1. The Problem 2. The Solution 3. Program Recommendations: Agenda: Option 1: Trade-in Event Option 2: Two Trade-in Events Option 3: Summer Extension Program with Mail-Order Option 4.

343 views • 19 slides
TYNES ELEMENTARY CCUA PROPOSAL TO ACQUIRE ONE ACRE FOR RECLAIMED WATER STORAGE AND DISTRIBUTION

TYNES ELEMENTARY CCUA PROPOSAL TO ACQUIRE ONE ACRE FOR RECLAIMED WATER STORAGE AND DISTRIBUTION

TYNES ELEMENTARY CCUA PROPOSAL TO ACQUIRE ONE ACRE FOR RECLAIMED WATER STORAGE AND DISTRIBUTION FACILITY CCUA SEEKING STORAGE AND DISTRIBUTION SOLUTION IN THE PINE RIDGE/TWO CREEKS AREAS PERMANENT SOLUTION TO MEET CUSTOMER DEMAND IN THE

433 views • 9 slides
Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL

Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL

Trust Management in Shibboleth Trust Management in Shibboleth and InCommon and InCommon RL Bob Morgan University of Washington and Internet2 TERENA TF-EMC2 Florence, Italy March 2007 Trust management in SAML Trust management in SAML

566 views • 9 slides
The next inflection point Adam Bosworth, Chief Architect, SVP BEA-Crossgain Agenda

The next inflection point Adam Bosworth, Chief Architect, SVP BEA-Crossgain Agenda

The next inflection point Adam Bosworth, Chief Architect, SVP BEA-Crossgain Agenda

583 views • 29 slides
VIM-RENAISSANCE @PrabirShrestha Nov 2019 WHO AM I? - Engineering Manager @MicrosoftFlow -

VIM-RENAISSANCE @PrabirShrestha Nov 2019 WHO AM I? - Engineering Manager @MicrosoftFlow -

VIM-RENAISSANCE @PrabirShrestha Nov 2019 WHO AM I? - Engineering Manager @MicrosoftFlow - Author of vim-lsp, asyncomplete.vim, async.vim and quickpick.vim - Author of typescript-language-server RENAISSANCE Renaissance was a period in

751 views • 20 slides
Node.js on the JVM Node.js on the JVM JavaScript Evented I/O & more JavaScript Evented I/O

Node.js on the JVM Node.js on the JVM JavaScript Evented I/O & more JavaScript Evented I/O

Node.js on the JVM Node.js on the JVM JavaScript Evented I/O & more JavaScript Evented I/O & more for the Java Enterprise Ecosystem for the Java Enterprise Ecosystem Niko Kbler ( @dasniko ) {JavaScript} Training I'm to hire! I'm

677 views • 43 slides
State of JS Implementations, 2014 Edition webengineshackfest.org Andy Wingo Agenda History

State of JS Implementations, 2014 Edition webengineshackfest.org Andy Wingo Agenda History

State of JS Implementations, 2014 Edition webengineshackfest.org Andy Wingo Agenda History New things A brief history of JS 1996-2008: slow 2014: fastish A brief history of JS 1996-2008: slow 2014: fastish Environmental forcing

782 views • 22 slides
Where The Web Is Going @jaredthenerd jaredthenerd.com Where The Web Is Going by Jared Faris is

Where The Web Is Going @jaredthenerd jaredthenerd.com Where The Web Is Going by Jared Faris is

Where The Web Is Going @jaredthenerd jaredthenerd.com Where The Web Is Going by Jared Faris is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-sa/4.0/ How the Web L b

997 views • 65 slides
50 Ways to Tweak Your Paper Some Comments on Paper Writing and Reviewing Johannes Frnkranz TU

50 Ways to Tweak Your Paper Some Comments on Paper Writing and Reviewing Johannes Frnkranz TU

50 Ways to Tweak Your Paper Some Comments on Paper Writing and Reviewing Johannes Frnkranz TU Darmstadt Knowledge Engineering Group Hochschulstrasse 10 D-64289 Darmstadt juffi@ke.tu-darmstadt.de ECML/PKDD 2017 | J. Frnkranz How did I

492 views • 32 slides
On Feature Selection, Bias-Variance, and Bagging Art Munson 1 Rich Caruana 2 1 Department of

On Feature Selection, Bias-Variance, and Bagging Art Munson 1 Rich Caruana 2 1 Department of

On Feature Selection, Bias-Variance, and Bagging Art Munson 1 Rich Caruana 2 1 Department of Computer Science Cornell University 2 Microsoft Corporation ECML-PKDD 2009 Munson; Caruana (Cornell; Microsoft) On Feature Selection ECML-PKDD 2009 1

546 views • 31 slides
Rule-Based Classification Johannes Frnkranz Knowledge Engineering Group TU Darmstadt

Rule-Based Classification Johannes Frnkranz Knowledge Engineering Group TU Darmstadt

Rule-Based Classification Johannes Frnkranz Knowledge Engineering Group TU Darmstadt juffi@ke.informatik.tu-darmstadt.de September 19, 2008 | ECML-PKDD-08 | LeGo-08 Workshop | J. Frnkranz | 1 Local vs. Global Rule learning Local Rule

792 views • 14 slides

More recommend