Federation Protocols
In building a federated architecture that addresses interoperability, assurance, and trust concerns across security domains, the following protocols have emerged as useful building blocks for identity management integration:
- SAML 1.0 and 1.1, which define a format for security data exchange known as an assertion, and profiles which provide the means for using the assertions
- SAML 2.0, which extends SAML 1.1 to provide additional profiles.
- WS-Federation, which enables different security realms to federate by brokering trust of identities, user attributes, and authentication between participating Web services
SAML 1.x
SAML 1.0 defines two key concepts:
- a security token format, known as an assertion, which associates a given identity with specific access rights
- profiles that describe ways to package these assertions to provide single sign-on
SAML 2.0
SAML 2.0 includes support for single sign-on based largely on the framework developed by the Liberty Alliance ID-FF specifications. Although the concept of identity federation is not present in the specifications, SAML 2.0 promotes the existence of a name identifier for a specific use. SAML 2.0 supports a number of named profiles that largely mirror the functionality of the Liberty ID-FF 1.2 profiles, on top of the name identifiers inherited from SAML 1.x.
WS-Federation
The WS-Federation specification is "an integrated model for federating identity, authentication, and authorization across different trust realms and protocols." WS-Federation is a Web services-oriented standard which supports profiles for passive requestors, such as Web browsers, as well as active requestors such as SOAP-enabled applications.