Subject: Re: [saml-dev] SAML Elevator Speech
(Hi, Roger!) The attempts here look an awful lot like the "SAML in a technical nutshell" slide (#2) from my SAML Basics set:

http://www.oasis-open.org/committees/download.php/12958/SAMLV2.0-basics.pdf

SAML in a technical nutshell:

- XML-based framework for marshaling security and identity information and exchanging it across domain boundaries
  . Wraps existing security technologies rather than inventing new ones
  . Its profiles offer interop for a variety of use cases, but you can extend and profile it further
- At SAML's core: assertions about subjects
  . Assertions contain statements: authentication, attribute, entitlement, or roll-your-own

====

If you're ascending a really tall building, you could try slide #3 (originally stolen from Prateek's slides, I think):

====

Key use cases covered by SAML out-of-the-box

- Single sign-on
  . Using standard browsers
  . Using enhanced HTTP clients (such as handheld devices) that know how to interact with IdPs but are not SOAP-aware
- Identity federation
  . Using a well-known name or attribute
  . For anonymous users by means of attributes
  . Using a privacy-preserving pseudonym
- Attribute services
  . Getting attributes that can be interpreted according to several common attribute/directory technologies
- Single logout

====

Other favorites are the graphic from slide #9 and the (now classic and frequently copied :-) ) slide #14...

Eve

Costello, Roger L. wrote:
> Hi Folks,
>
> I am trying to boil down SAML to its essence. Below is what I’ve come
> up with.
>
> *SAML Elevator Speech*
>
> A service provider can ask an authority one of these questions:
>
> 1. Have you authenticated this ____ subject?
> 2. For this ____ subject, what are his values for these ____ attributes?
> 3. Should this ____ subject be allowed to take these ____ actions on
>    this ____ resource?
>
> An authority can make these statements (assertions):
>
> 1. This ____ subject was authenticated on this ____ datetime, using
>    this ____ mechanism.
> 2. This ____ subject has this ____ value for this ____ attribute.
> 3. For this ____ subject, taking this ____ action on this ____
>    resource, the decision is ____.
>
> Is this an accurate assessment of what you can do with SAML? Is it
> complete? /Roger
>

--
Eve Maler                          +1 425 947 4522
Technology Director                eve.maler @ sun.com
CTO Business Alliances group       Sun Microsystems, Inc.