SAML

Size: px

Start display at page:

Download "SAML"

りえうるしはた
5 years ago
Views:

1 XML Consortium SWG ( )NTT ( )

2 Copyright XML Consortium 2003/06/02 1

3 Copyright XML Consortium 2003/06/02 2

4 /5 6/2 Copyright XML Consortium 2003/06/02 3

5 Copyright XML Consortium 2003/06/02 4

6 OASIS = Organization for the Advancement of Structured Information Standards Copyright XML Consortium 2003/06/02 5

7 Profile Authority Response Binding Assertion Requestor Request User Copyright XML Consortium 2003/06/02 6

8 <saml:assertion MajorVersion= 1 MinorVersion= 0 AssertionID= Issuer= JFB Tourist IssueInstant= T10:02:00Z > <saml:conditions NotBefore= T10:00:00Z NotOnOrAfter= T10:05:00Z /> <saml:authenticationstatement AuthenticationMethod= urn:oasis:names:tc:saml:1.0:am:password AuthenticationInstant= T10:02:00Z > <saml:subject> <saml:nameidentifier Format= #X509SubjectName > cn=shimoda,o=jfbportal.c=jp</saml:nameidentifier> </saml:subject> </saml:authenticationstatement> </saml:assertion> JFB Copyright XML Consortium 2003/06/02 7

9 Authority SAML Protocol Request Assertion Query ( ) Requestor Response Assertion Assertion Copyright XML Consortium 2003/06/02 8

10 SAML Protocol Request Response SAML 1.0 SOAP-over-HTTP binding HTTP binding, TCP/IP binding POST /SamlService HTTP/1.1 SOAP Message Host: Content-Type: SOAP Header text/xml Content-Length: nnn SOAPAction: SOAP Body <SOAP-ENV:Envelope xmlns:soap- ENV= > SAML Request or <SOAP-ENV:Body> <samlp:request Response xmlns:samlp:= xmlns:saml= xmlns:ds= > <ds:signature> </ds:signature> <samlp:authenticationquery> </samlp:authenticationquery> </samlp:request> SOAP-over-HTTP Binding </SOAP-ENV:Body> </SOAP-ENV:Envelope> Copyright XML Consortium 2003/06/02 9

11 Web Browser SSO Profiles of SAML Browser/Artifact Profile of SAML Browser/POST Profile of SAML Cookie Browser/Artifact Profile SOAP Profile of SAML SAML Web Copyright XML Consortium 2003/06/02 10

12 SAML1.1 SAML 1.0 SAML /5/16 Copyright XML Consortium 2003/06/02 11

13 Copyright XML Consortium 2003/06/02 12

14 Copyright XML Consortium 2003/06/02 13

16 SAML < > < > Copyright XML Consortium 2003/06/02 15

17 < > ID=shimoda Copyright XML Consortium 2003/06/02 16

18 < > A ASP:Application Service Provider Copyright XML Consortium 2003/06/02 17

19 SAML Copyright XML Consortium 2003/06/02 18

20 Copyright XML Consortium 2003/06/02 19

21 NTT

22 SAML Copyright XML Consortium 2003/06/02 21

23 Windows XP Professional SP1 J2SDK BEA WebLogic 7.0 WebLogic SSPI(Security Service Provider Interface) JAAS (Java Authentication and Authorization Service) Apache SOAP 2.1 Apache XML Security 1.05D2 Copyright XML Consortium 2003/06/02 22

24 SAML Assertion (Authorization Assertion ) SAML Protocol Browser/Artifact SOAP Binding WebLogic 6Ks : HTML, JSP Copyright XML Consortium 2003/06/02 23

25 XML Consortium SWG

26 20H SAML OpenSAML OpenSAML Copyright XML Consortium 2003/06/02 25

27 Windows XP Professional SP1 J2SDK Jakarta Tomcat Apache Axis 1.1 Release Candidate 2 Apache XML Security 1.0.5D2 OpenSAML Copyright XML Consortium 2003/06/02 26

28 OpenSAML SAML (Apache/BSD-style ) Internet2(UCAID) Shibboleth Java and C++ SAML v1.0 v1.1 SAML Browser/POST # Browser/artifact URL OpenSAML : Internet2 Shibboleth : Copyright XML Consortium 2003/06/02 27

29 Browser/Artifact SOAP Binding 1.5ks 11 HTML, JSP <Authority> Travel Menu Provider Manager Artifact Manager Redirector SAML Publisher <Requestor> Rental Menu Rental Processor Provider Manager Artifact Processor Authn Filter Attr Requestor Copyright XML Consortium 2003/06/02 28

31 SAML SSO OpenSAML(Tomcat) Servlet 2.3 Filter WebLogic 7.0 SSPI,JAAS SSO SSO SAML SAML Authn Filter Tomcat Rental ( ) Menu Rental Processor Tomcat, OpenSAML Copyright XML Consortium 2003/06/02 30

32 Copyright XML Consortium 2003/06/02 31

33 ContactXML Liberty 1.2 Personal Profile ContactXML User uid= shimoda shimoda ContactXML xmlns=" =" PersonName Address Private xmlns=" ="uri:sec-swg.xmlconsortium.org FamilyType single Preference icehockey Mileage xmlns=" ="uri:sec-swg.xmlconsortium.org" MemberType Silver Copyright XML Consortium 2003/06/02 32

34 SAML1.0 SAML Request Authority SSL HTTP Basic KeyInfo) SSO Query Subject( AttributeName,AttributeNamespace( ) Copyright XML Consortium 2003/06/02 33

35 SAML1.0 XML 1.0 References draft-sstc sstc-xmlsig-guidelines-03 XPath Filter2 SAML1.1 XPath Filter2 Copyright XML Consortium 2003/06/02 34

36 SAML cf. Liberty - SAML1.0 SSO (OASIS Security Services TC SAML1.0 OpenSAML OpenSAML SAML1.0 SAML API Copyright XML Consortium 2003/06/02 35

37 Copyright XML Consortium 2003/06/02 36

38 ( ) ( ) Copyright XML Consortium 2003/06/02 37

39 NTT Copyright XML Consortium 2003/06/02 38

41 JFB( ) ( ) (Cookie ) SAML! Copyright XML Consortium 2003/06/02 40

42 Copyright XML Consortium 2003/06/02 41

43 Copyright XML Consortium 2003/06/02 42

44 Copyright XML Consortium 2003/06/02 43

45 Liberty Alliance SAML XML Signature WS-Security SOAP HTTP / HTTPS Copyright XML Consortium 2003/06/02 44

46 Copyright XML Consortium 2003/06/02 45

47 Liberty Identity Federation Framework (ID-FF) SAML1.0 XMLDSIG SOAP WSS SAML WAP SSL/TLS XMLEnc WSDL Copyright XML Consortium 2003/06/02 46

48 <saml:assertion AssertionID="YdfOs8J0Xab IssueInstant=" T02:01:36Z Issuer=" xsi:type="lib:assertiontype xmlns:lib= > <saml:authenticationstatement AuthenticationInstant=" T02:01:36Z" xsi:type="lib:authenticationstatementtype"> <saml:subject xsi:type="lib:subjecttype"> <lib:idpprovidednameidentifier> m0xk7wzq2sya4xe9tjgvarfn6r </lib:idpprovidednameidentifier> <saml:nameidentifier> Hnho/gm0xk7wZQ2Sya4xe9tJGvarfN6R </saml:nameidentifier> </saml:subject> </saml:authenticationstatement> </saml:assertion> Liberty AssertionType Statement, Subject Liberty ID Copyright XML Consortium 2003/06/02 47

49 Airline,inc ID:sakata123 ID sakata SAML+) CarRental.inc ID:msakata ID Federation/Account Linking) ID Copyright XML Consortium 2003/06/02 48

50 Liberty Identity Federation Liberty Identity Services Framework (ID-FF) Interface Specifications(ID-SIS) ID Liberty Identity Web Service Framework(ID-WSF) XMLDSIG SOAP WSS SAML WAP Privacy SSL/TLS and Security XMLEnc Best Practices WSDL Copyright XML Consortium 2003/06/02 49

51 Airline,inc CarRental,inc ID ID ID- WSF Discovery Service (Identity UDDI?) Copyright XML Consortium 2003/06/02 50

52 Copyright XML Consortium 2003/06/02 51

53 OASIS SAML SAML SAML Assertions and Protocol SAML Bindings and Profiles SAML SAML SAML XML Web 4 SSO XML SAML Liberty Alliance OpenSAML TSIK(Trust Service Integration Kit) Copyright XML Consortium 2003/06/02 52

54 Copyright XML Consortium 2003/06/02 53

untitled

untitled SAML 2004 12 9 y-endo@ah.jp.nec.com 2. SAML SAML SAML SAML SAML SSO SAML 4. Liberty Alliance Liberty Liberty ID-FF1.2 NEC Corporation 2004 2 PKI ID NEC Corporation 2004 4 PKI ID NEC Corporation 2004 5