Apology and SAML contribution for Authentication appendix E

[Kerry Blinco <kblinco@powerup.com.au>]

Ray 

I won't be on the call on Wednesday - I am still recuperating from surgery.

Following is a suggested addition to the Authentication Appendix E and was prepared by Dr Chi Nguyen.  

Chi is: 

RAMP Project Manager & AAF Project Technical Advisor

Macquarie E-Learning Center of Excellence,

Macquarie University,

The AAF is the Australian Access Federation - ie the Australian Universities implementation of Shibboleth.  Chi is also doing implementation work on XACML and SAML with FEDORA  

I haven't read this in detail being off ill and pass on unedited.

regards

Kerry

Web Services Security and Security Assertion Markup Language (SAML) Security Tokens
 The OASIS committee has defined the Web Services Security (WS-Security) Standard[1] which specifies how different security tokens, signature formats and encryption technologies are to be used for secure Web service, in terms of end-to-end message content security, and not just transport-level security. The signatures and security tokens are defined within the <wsse:Security> element of a SOAP message header.

An important security token format used by WS-Security is the SAML Security Token. The SAML standard[2] specifies how authentication and attribute assertions about a subject can be made from a trusted source. In a federated environment, these assertions would typically come from a trusted authentication and attribute authority (referred to as the Identity Provider), and allow the receiver (often referred to as the Service Provider) to make authorization decisions based on these attributes. The assertions are signed to ensure integrity, and can optionally be encrypted to preserve confidentiality.

By leveraging WS-Security and SAML tokens, an SRU/SRW search service (acting as a Service Provider in the SAML scenario above) can authenticate and authorize a search request simply based on the SAML assertions contained in its request header. This allows the search service to be available to a much wider set of users from many different security domains, not just the traditional local security domain.

[1] http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf

[2] http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security#samlv20

On 19/10/2007, at 5:34 AM, rden@loc.gov wrote:

Draft agenda added. 

 -- Ray Denenberg

Technical Committee Telephone Conference has been modified by Ray Denenberg

Date:  Wednesday, 24 October 2007

Time:  09:00am - 10:30am ET

Event Description:

Toll-free number: 888-448-7101

International Dial-In number: 816-650-0813

Participant code:7646073

Host: Ralph

Agenda:

Draft agenda as of October 18, subject to change. 

1. Strawman Document

       a. OpenSearch

       b. Missing:

                i. XML and WSDL files 

                ii. data model

                iii. shiboleth/SAML

                iv. overview

2. Coordination with SRU Implementors

3. Announcements, publicity

4. Substantive Technical issues

         a. REST

         b. ATOM (or RSS) as a response schema

         c. Scan

5. Less Substantive

        a. XCQL

        b. CQL model and UML

6. open items from earlier meetings

7. Administrative

        a. Next Steps

        b. Next Meeting

        c. Cost of calls

Minutes:

View event details:

http://www.oasis-open.org/apps/org/workgroup/search-ws/event.php?event_id=16824

PLEASE NOTE:  If the above link does not work for you, your email

application may be breaking the link into two pieces.  You may be able to

copy and paste the entire link address into the address field of your web

browser.

<ical_16824.ics>

---------------------------------------------------------------------

To unsubscribe from this mail list, you must leave the OASIS TC that

generates this mail.  You may a link to this group and all your TCs in OASIS

at:

https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 

Kerry Blinco
e-Framework and Standards Manager, Link Affiliates, University of Southern Queensland; and
Technical Standards Adviser to the Department of Education Science and Training (DEST).  Australia.
Email:     kblinco@powerup.com.au
Phone:   +61 7 3871 2699             
Ph (Mobile) :    +61 419 787 992

The information contained in this e-mail message and any files may
be confidential information, and may also be the subject of legal professional privilege. 
If you think you may not be the intended recipient, or if you have received this e-mail in error,
please contact the sender immediately and delete all copies of this e-mail. If you are not the intended
recipient, you must not reproduce any part of this e-mail or disclose its contents to any other party.

This email represents the views of the individual sender, except where the sender expressly states otherwise.