August 2005 - Posts

Nowadays, single sign-on is a common problem in many applications. Getting some credentials from a well-known authentication authority,
and use them later in different places is a good idea, but sometimes is difficult to implement.
Different vendors have implemented solutions to solve this problem, but they lack a main attribute, "Interoperability".
SAML comes to solve this problem, providing a secure and interoperable protocol based on xml.
SAML is an acronym for "Security Assertions Markup Language", a vendor-neutral framework for exchanging security-related information called "assertions".
Its first specification set (1.0) was developed by the "OASIS" consortium.
The SAML specification doesn't define any mechanism for authentication or authorization, instead, it establishes how identity and access information is exchanged.

Sample Scenario

This image illustrates a client using a SAML token to consume a web service.
The client and the service don't know each other, but both trust in the same authority.
So the client can authenticate once against that authority and use the SAML assertion to consume the service.

SAML implementation for WSE 3.0

An initial preview for this implementation is available in this GDN workspace, and it is based on the new policy framework shipped in WSE 3.0.
We are open to hear your feedback on on what you think about this solution, so, don't miss this opportunity.

Posted by cibrax | 1 comment(s)
Filed under:
More Posts