Subject: [saml-dev] SAML/XACML scenarios/samples
Hello Everyone,

I am new to this forum and glad to see an active forum, unlike the one on Yahoo. I read the SAML/XACML specs and some related articles, but I am looking for some examples and opinions from experts which could make things clearer and more helpful.

Samples...

I would appreciate it very much if anyone could point me to any samples/examples available for SAML/XACML. I tried to download JSAML from Netegrity, but they had taken out the free download option and JSAML is now integrated into their other products. There also seem to be some vendors that offer SAML tools for evaluation - any recommendations?

Single sign on...

If two or more entities join an alliance and trust each other, should each have its own sign-on service for authentication, or should they all share a single sign-on service? In other words, should the sign-on credentials of all users of all entities be managed/authenticated by one service, or should each take care of its own? Are there any cons in using single sign-on as long as the entities trust each other?

Sample scenario...

I have a scenario where users of two web services (each belonging to a separate entity, but the entities trust each other) want to share information among them. In detail: when a user from entity A (user-A) makes a request to WS-A, it should also pull related information from WS-B, combine it with its own data and provide it to user-A. It should work similarly for a user from entity B (user-B), such that WS-B pulls data from WS-A, combines it with its own data and provides it to user-B.

Using SAML...

To implement SAML in this scenario, assuming I use a single sign-on service (SSO-WS), I think of the following approach:

- user provides credentials to SSO-WS
- user is authenticated and provided a reference#
- user is forwarded to his/her entity's WS url
- user submits request along with reference id
- user entity's WS requests assertion from SSO-WS and receives assertion info
- user entity's WS pulls data from its DB and also sends request to WS-B along with user's reference#
- similarly WS-B also requests assertion from SSO-WS and receives assertion info
- WS-B pulls data from its DB and sends resp to WS-A
- now, WS-A provides data from both entities to its user

Using XACML...

And thinking of permissions, for e.g., entity A giving full permissions to its users to access its data while entity B gives limited permissions to users of other entities - I wonder how XACML can provide rules for permissions to different users on each entity. Should SAML's authorization query be used along with having XACML rules on each entity?

I really appreciate very much if anyone provides suggestions/comments on my thinking of using single sign-on, SAML and XACML... Thanks in advance.

- Raju.
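The flow and the permission question in the post above, worked through as an added Python example (not part of the thread and not a SAML or XACML implementation): a shared sign-on service issues an opaque reference, each entity web service resolves that reference to an assertion on its own rather than trusting its peer, and each entity evaluates its own XACML-style rules before releasing records, so entity A's users get full access to A's data while entity B only releases public records to users from other entities. The names SsoService, EntityService, decide, USERS and POLICIES, the record layout and the per-entity rules are all constructed for this example; a real deployment would carry the SAML assertion as XML and express the rules as XACML policy evaluated by a policy decision point.

```python
import secrets
import time
from dataclasses import dataclass

# Constructed user store for the demo: username -> (password, home entity).
# A real SSO-WS would store salted password hashes, never plaintext.
USERS = {"alice": ("alice-pw", "A"), "bob": ("bob-pw", "B")}


@dataclass
class Assertion:
    """Stand-in for the SAML assertion the SSO-WS returns for a reference."""
    subject: str
    entity: str        # home entity of the subject ("A" or "B")
    issued_at: float
    expires_at: float


class SsoService:
    """Hypothetical shared sign-on service (the post's SSO-WS): authenticates a
    user, hands back an opaque reference, and later resolves that reference to
    an assertion for whichever entity web service asks."""

    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self._refs = {}    # reference -> Assertion

    def login(self, username, password):
        record = USERS.get(username)
        # compare_digest keeps the comparison constant-time; None on any failure
        if record is None or not secrets.compare_digest(record[0], password):
            return None
        now = time.time()
        ref = secrets.token_urlsafe(32)    # unguessable handle, not the assertion itself
        self._refs[ref] = Assertion(username, record[1], now, now + self.ttl)
        return ref

    def resolve(self, ref):
        """Assertion behind a reference, or None if unknown or expired. Anyone
        holding the reference can resolve it, so it must travel over a
        protected channel between SSO-WS, WS-A and WS-B."""
        a = self._refs.get(ref)
        if a is None or time.time() > a.expires_at:
            self._refs.pop(ref, None)
            return None
        return a


# XACML-style policy per entity (simplified, not XACML XML). Each rule is
# (condition(subject, resource, action), effect); rules are tried in order and
# the first match decides (first-applicable combining). No match -> Deny.
POLICIES = {
    # entity A: full access for its own users, read access to all its data for others
    "A": [
        (lambda s, r, act: s.entity == "A", "Permit"),
        (lambda s, r, act: act == "read", "Permit"),
    ],
    # entity B: full access for its own users; outsiders may only read public records
    "B": [
        (lambda s, r, act: s.entity == "B", "Permit"),
        (lambda s, r, act: act == "read" and r["sensitivity"] == "public", "Permit"),
    ],
}


def decide(entity, subject, resource, action):
    """Policy decision point for one entity: returns "Permit" or "Deny"."""
    for condition, effect in POLICIES[entity]:
        if condition(subject, resource, action):
            return effect
    return "Deny"


class EntityService:
    """Hypothetical WS-A / WS-B: resolves the reference with the SSO-WS itself
    and applies its own entity's policy before releasing any record."""

    def __init__(self, entity, sso, records):
        self.entity, self.sso, self.records, self.peers = entity, sso, records, []

    def local_query(self, ref):
        """Used both by this entity's own front end and by peer services."""
        a = self.sso.resolve(ref)
        if a is None:
            return []
        return [r for r in self.records if decide(self.entity, a, r, "read") == "Permit"]

    def handle_request(self, ref):
        """User-facing entry point: own data plus whatever peers release for this user."""
        if self.sso.resolve(ref) is None:
            return None                  # unknown/expired reference: refuse outright
        result = self.local_query(ref)
        for peer in self.peers:
            result += peer.local_query(ref)   # the peer re-checks with SSO-WS itself
        return result


def run_scenario():
    """Wire up SSO-WS, WS-A and WS-B with constructed records and run both users."""
    sso = SsoService()
    ws_a = EntityService("A", sso, [{"owner": "A", "sensitivity": "public", "item": "A-public"},
                                    {"owner": "A", "sensitivity": "restricted", "item": "A-restricted"}])
    ws_b = EntityService("B", sso, [{"owner": "B", "sensitivity": "public", "item": "B-public"},
                                    {"owner": "B", "sensitivity": "restricted", "item": "B-restricted"}])
    ws_a.peers.append(ws_b)
    ws_b.peers.append(ws_a)
    alice = sorted(r["item"] for r in ws_a.handle_request(sso.login("alice", "alice-pw")))
    bob = sorted(r["item"] for r in ws_b.handle_request(sso.login("bob", "bob-pw")))
    bogus = ws_a.handle_request("not-a-reference-issued-by-sso")
    return alice, bob, bogus


if __name__ == "__main__":
    print(run_scenario())
```

The design point the example makes is that WS-B never takes WS-A's word for who the user is: it resolves the same reference with the SSO-WS on its own and applies its own rules, which is what lets each entity keep a different policy for outsiders while still sharing one sign-on. Running it shows alice (entity A) receiving all of A's records but only B's public record, while bob (entity B) receives everything because A's rules grant read access to any authenticated user.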