saml-dev message



Subject: Re: [saml-dev] SAML Elevator Speech


(Hi, Roger!)  The attempts here look an awful lot like the "SAML in 
a technical nutshell" slide (#2) from my SAML Basics set:

http://www.oasis-open.org/committees/download.php/12958/SAMLV2.0-basics.pdf

====
SAML in a technical nutshell:

- XML-based framework for marshaling security and identity information and exchanging it across domain boundaries
   . Wraps existing security technologies rather than inventing new ones
   . Its profiles offer interop for a variety of use cases, but you can extend and profile it further

- At SAML's core: assertions about subjects
   . Assertions contain statements: authentication, attribute, entitlement, or roll-your-own
====

If you're ascending a really tall building, you could try slide #3 
(originally stolen from Prateek's slides, I think):

====
Key use cases covered by SAML out-of-the-box

- Single sign-on
   . Using standard browsers
   . Using enhanced HTTP clients (such as handheld devices) that know how to interact with IdPs but are not SOAP-aware
- Identity federation
   . Using a well-known name or attribute
   . For anonymous users by means of attributes
   . Using a privacy-preserving pseudonym
- Attribute services
   . Getting attributes that can be interpreted according to several common attribute/directory technologies
- Single logout
====

Other favorites are the graphic from slide #9 and the (now classic 
and frequently copied :-) ) slide #14...

	Eve

Costello, Roger L. wrote:
> Hi Folks,
>
> I am trying to boil down SAML to its essence.  Below is what I’ve come
> up with.
>
> *SAML Elevator Speech*
>
> A service provider can ask an authority one of these questions:
>
>    1. Have you authenticated this ____ subject?
>    2. For this ____ subject, what are his values for these ____ attributes?
>    3. Should this ____ subject be allowed to take these ____ actions on
>       this ____ resource?
>
> An authority can make these statements (assertions):
>
>    1. This ____ subject was authenticated on this ____ datetime, using
>       this ____ mechanism.
>    2. This ____ subject has this ____ value for this ____ attribute.
>    3. For this ____ subject, taking this ____ action on this ____
>       resource, the decision is ____.
>
> Is this an accurate assessment of what you can do with SAML?  Is it
> complete?  /Roger
>

-- 
Eve Maler                                         +1 425 947 4522
Technology Director                           eve.maler @ sun.com
CTO Business Alliances group                Sun Microsystems, Inc.

