Subject: FW: SAML InterOp Datasheet
Thanks Steve! Hi Carol - I haven't had time to look at the sheets, but Steve was able to. I'll let you know if Eve comes back with any comments. I can't get to this myself until tomorrow or the weekend.

-----Original Message-----
From: Steve Anderson [mailto:sanderson@opennetwork.com]
Sent: Thursday, January 13, 2005 2:18 PM
To: Philpott, Robert; Eve L. Maler
Subject: RE: SAML InterOp Datasheet

The datasheet looks fine. The flyer is obviously last year's, and needs wholesale updating. I expect that Carol can update the description of the event and participants herself. Here's a pass at updating the scenario descriptions:

---------------------------------------------------------------------------

The main scenario being demonstrated is a combination of Web Single Signon and Single Logout. During Signon, the user authenticates at a chosen Identity Provider and is granted access to resources at various Service Providers without needing to reauthenticate. The actual flow of this part of the scenario can take one of three different forms:

1. The user starts at an Identity Provider. After logging in, the Identity Provider site displays a portal page containing links to external resources. When the user clicks one of those links, identity information flows from the Identity Provider to the specific Service Provider, and the Service Provider will authorize and provide the requested resource according to its security policy.

2. The user starts at a Service Provider. The Service Provider needs to identify the user, and offers either local login or a list of trusted Identity Providers. The user selects an Identity Provider, authenticates with that Identity Provider, and returns to the Service Provider with identity information.

3. The user starts at the eGov portal. The user selects an Identity Provider and a Service Provider from the portal page, and is redirected to the Service. The Service can automatically redirect the user to the previously chosen Identity Provider to authenticate. Identity information flows back to the Service Provider, and the resource request is processed.

During Logout, the Identity Provider will propagate the Logout request to all Service Providers that have been given identity information for the user in the current session, allowing them to clean up any local session data. The actual flow of this part of the scenario can take one of two different forms:

1. The user logs out at the Identity Provider. The Identity Provider notifies all affected Service Providers, and then terminates the user session at the Identity Provider.

2. The user logs out at a Service Provider. The Service Provider terminates the local user session, and then propagates the logout request to the Identity Provider that authenticated the user. The Identity Provider notifies all other affected Service Providers, and then terminates the user session at the Identity Provider.

An additional scenario being demonstrated by some participants shows the steps of federating and defederating accounts. Federating accounts is generally a first-time setup step. The user initiates the federation operation (at the Service Provider, in this demonstration), authenticates at both the Identity Provider and the Service Provider, and then the two sites negotiate a unique identifier for the user, which isn't reused at any other site. Subsequent sessions for that user flow just like the main scenario. When the user defederates accounts (at either the Identity Provider or Service Provider), the relationship between the user's account at the Identity Provider and the user's account at the Service Provider is eliminated.

---------------------------------------------------------------------------

Feels a bit verbose for the target medium, but we can talk more about that.

--
Steve Anderson
OpenNetwork

> -----Original Message-----
> From: Philpott, Robert [mailto:rphilpott@rsasecurity.com]
> Sent: Thursday, January 13, 2005 10:40 AM
> To: Eve L. Maler; Steve Anderson
> Cc: Philpott, Robert
> Subject: FW: SAML InterOp Datasheet
>
> Would you guys have time to look these over and provide feedback?
>
> Thanks!
>
> Eve - I hope to get the SAML specs to you for a review in a couple of
> hours. I was working very late last night (um - this morning) and just
> couldn't quite finish them up.
>
> Rob Philpott
> Senior Consulting Engineer
> RSA Security Inc.
> Tel: 781-515-7115
> Mobile: 617-510-0893
> Fax: 781-515-7020
> mailto:rphilpott@rsasecurity.com
>
> -----Original Message-----
> From: Carol Geyer [mailto:carol.geyer@oasis-open.org]
> Sent: Thursday, January 13, 2005 9:29 AM
> To: 'Dee Schur'; 'samldemotech'; samldemomktg@lists.oasis-open.org;
> samldemoprimary@lists.oasis-open.org
> Cc: Philpott, Robert; 'Mishra, Prateek'
> Subject: RE: SAML InterOp Datasheet
>
> I've drafted a basic SAML datasheet (OASIS-saml-datasht-ltr-04-12-21)
> that we might want to include in the package. Rob, Prateek,
> please review and send me edits. Whether or not we use this at the RSA
> Conference, I'd like to post it on the OASIS site, so people
> can download it.
>
> We also have the OASIS InterOp sheet that was prepared for the RSA
> proceedings bags (SAML-RSA-InterOp-05-01-04). It lists all the
> participants, but doesn't say much about the scenario.
>
> It would be great to have something along the lines of last year's flyer
> (SAMLinterop-flyer). If someone can send me content, I'd be
> happy to lay it out.
>
> Thanks,
> Carol
>
> -----Original Message-----
> From: Dee Schur [mailto:dee.schur@oasis-open.org]
> Sent: Wednesday, January 12, 2005 8:13 PM
> To: 'samldemotech'; samldemomktg@lists.oasis-open.org;
> samldemoprimary@lists.oasis-open.org
> Cc: Carol Geyer (Carol Geyer)
> Subject: SAML InterOp Datasheet
>
> Hi,
> The technical call today was extremely productive. One task that I
> failed to mention was the general SAML datasheet that will be
> presented during the press event (in a package with all vendor product
> collateral) and available to the general public during the
> demo. This datasheet will describe the Standard and the InterOp
> scenario.
> This is a great tool but someone must take on the responsibility to
> create this piece to be vetted by the OASIS SSTC and the OASIS
> Director of Communications.
> Please contact Robert Ciochon and Andy if you would like to create this
> document.
> Thanks!
> Dee
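The Web SSO, Single Logout and federation flows in Steve's draft above, modelled as an added example that is not part of this thread and not any participant's interop implementation. It is a constructed toy rather than SAML XML: the entity IDs, field names, the HMAC "signature" (standing in for XML Signature) and the in-memory session tables are all assumptions. What it shows is the checks a Service Provider makes before trusting identity information (issuer and signature, audience, validity window, replay, and InResponseTo correlation for the SP-initiated flow), the pairwise identifier set up once at federation time and never reused at another site, and the Identity Provider propagating a logout started at one Service Provider to every other Service Provider that received identity information in that session.

```python
# Constructed toy model, not SAML XML: IDs, field names and the HMAC "signature" are stand-ins.
import hashlib, hmac, secrets, time
from dataclasses import dataclass

@dataclass
class Assertion:            # the identity information an IdP hands to one SP
    id: str                 # unique per assertion; lets the SP refuse replays
    issuer: str             # IdP entity ID
    audience: str           # the single SP this assertion is meant for
    name_id: str            # pairwise identifier agreed at federation time
    session_index: str      # links the SP session to the IdP session for SLO
    in_response_to: str     # AuthnRequest ID in the SP-initiated flow, else ""
    not_on_or_after: int    # validity end, epoch seconds
    signature: str = ""

def sign(key, a):           # HMAC over the fields; stands in for XML Signature
    msg = "|".join([a.id, a.issuer, a.audience, a.name_id, a.session_index,
                    a.in_response_to, str(a.not_on_or_after)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class IdentityProvider:     # sessions: idx -> session; federations: (user, sp) -> name_id
    def __init__(self, entity_id, key):
        self.entity_id, self._key, self.sessions, self.federations = entity_id, key, {}, {}

    def federate(self, user, sp_id):   # one random ID per (user, SP) pair, never reused elsewhere
        self.federations[(user, sp_id)] = secrets.token_hex(16)

    def authenticate(self, user):      # the user logs in at the IdP
        idx = secrets.token_hex(8)
        self.sessions[idx] = {"user": user, "participants": set()}
        return idx

    def issue_assertion(self, idx, sp_id, in_response_to="", ttl=300):
        sess = self.sessions[idx]
        name_id = self.federations[(sess["user"], sp_id)]   # KeyError if not federated
        a = Assertion(secrets.token_hex(8), self.entity_id, sp_id, name_id, idx,
                      in_response_to, int(time.time()) + ttl)
        a.signature = sign(self._key, a)
        sess["participants"].add(sp_id)   # remember who must hear about logout
        return a

    def logout(self, idx, sps, initiated_by=None):   # notify every participant, end the session
        notified = [s for s in sorted(self.sessions.pop(idx)["participants"]) if s != initiated_by]
        for sp_id in notified:
            sps[sp_id].receive_logout(self.entity_id, idx)
        return notified

class ServiceProvider:      # trusted: IdP entity ID -> key; seen: consumed assertion IDs
    def __init__(self, entity_id, idp_id, key):
        self.entity_id, self.trusted, self.seen, self.sessions = entity_id, {idp_id: key}, set(), {}

    def consume(self, a, expected_request=None, now=None):   # checks made before trusting it
        now = int(time.time()) if now is None else now
        key = self.trusted.get(a.issuer, b"")   # unknown issuer: no key, so the signature fails
        if not hmac.compare_digest(a.signature, sign(key, a)):
            raise ValueError("bad signature or untrusted issuer")
        if a.audience != self.entity_id:
            raise ValueError("assertion meant for a different SP")
        if now >= a.not_on_or_after:
            raise ValueError("assertion expired")
        if a.id in self.seen:
            raise ValueError("assertion replayed")
        if a.in_response_to != (expected_request or ""):   # "" when the IdP started the flow
            raise ValueError("InResponseTo does not match the request we sent")
        self.seen.add(a.id)
        local = secrets.token_hex(8)
        self.sessions[local] = (a.name_id, a.session_index)
        return local

    def receive_logout(self, issuer, idx):    # LogoutRequest arriving from the IdP
        self.sessions = {k: v for k, v in self.sessions.items() if v[1] != idx}

    def logout(self, local, idp, sps):        # SP-initiated Single Logout
        _, idx = self.sessions.pop(local)
        return idp.logout(idx, sps, initiated_by=self.entity_id)

def run_scenario():   # IdP-initiated SSO to SP1, SP-initiated SSO to SP2, bad assertions, SLO at SP1
    key = secrets.token_bytes(32)
    idp = IdentityProvider("https://idp.example", key)
    sps = {e: ServiceProvider(e, idp.entity_id, key)
           for e in ("https://sp1.example", "https://sp2.example")}
    sp1, sp2 = sps.values()
    for e in sps:
        idp.federate("alice", e)                        # one-time setup step
    idx = idp.authenticate("alice")
    a1 = idp.issue_assertion(idx, sp1.entity_id)        # user followed a portal link
    s1 = sp1.consume(a1)
    rid = secrets.token_hex(8)                          # SP2 sent an AuthnRequest first
    s2 = sp2.consume(idp.issue_assertion(idx, sp2.entity_id, rid), expected_request=rid)
    distinct_ids = len({sp1.sessions[s1][0], sp2.sessions[s2][0]})
    rejected = []                                       # misdirected, then replayed
    for sp, a in ((sp2, a1), (sp1, a1)):
        try:
            sp.consume(a)
        except ValueError as e:
            rejected.append(str(e))
    notified = sp1.logout(s1, idp, sps)                 # SP-initiated Single Logout
    return {"notified": notified, "distinct_ids": distinct_ids, "rejected": rejected,
            "open": len(sp1.sessions) + len(sp2.sessions) + len(idp.sessions)}
```

Calling `run_scenario()` returns which Service Providers the Identity Provider notified, how many distinct pairwise identifiers the user has, the reasons the two bad assertions were refused, and how many sessions are left open afterwards (none). The IdP-initiated logout form is the same `IdentityProvider.logout` call with no `initiated_by`, so every participant is notified; the `now` argument of `consume` exists so the validity-window check can be exercised without waiting for the assertion to age out.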