This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
* An issuing authority asserts that subject "S" is associated with attributes "A", "B", ... with values "a", "b", "c"...
* Useful for distributed transactions and authorization services
* Typically these attributes would be obtained from an LDAP repository, for example:
** "john.doe" in "example.com"
** is associated with attribute "Department"
** with value "Human Resources"
Attributes of a user (such as their role and spending limit) might be passed in a distributed transaction or as part of the "outsourcing" of an authorization decision.
These assertions will be cryptographically bound to the transaction in a way that is defined as part of the SAML specification.
Attributes are the universal solvent of security information. Authentication and authorization information could be passed as attributes, but SAML chose to optimize for those common cases.
The particular [SAML] deployment could certainly choose to use attribute statements only.
!! Example
{{{
<saml:Assertion ...>
  <saml:AuthenticationStatement
      AuthenticationMethod="password"
      AuthenticationInstant="2009-12-03T10:02:00Z">
    <saml:Subject>
      <saml:NameIdentifier
          SecurityDomain="cisus.com"
          Name="jimuser" />
      <!-- sender-vouches: the relying party trusts the sender to vouch for the subject -->
      <saml:ConfirmationMethod>
        http://...core-25/sender-vouches
      </saml:ConfirmationMethod>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>
}}}
SAML only requires attribute names to be qualified as belonging to a "[namespace]", which need not be an [XML namespace], so that you can indicate the universe in which the attributes of interest were defined. This makes SAML neatly extensible in this area.
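The following is an added worked example, not code from the wiki page or from the SAML specification: it builds the assertion sketched in the overview (subject "john.doe" in "example.com" carrying "Department" = "Human Resources") as a SAML 1.1-style AttributeStatement and parses it back, keying every attribute by its (AttributeNamespace, AttributeName) pair so that same-named attributes from different namespaces are never conflated. It goes beyond the overview by carrying a second, multi-valued attribute from a different namespace and by rejecting attributes that arrive without a namespace. The issuer name, the `urn:example:*` attribute namespaces and the assertion id are constructed placeholders; the XML Signature that binds the assertion to the transaction is outside this example.

```python
"""Build and parse a SAML 1.1-style AttributeStatement (added example)."""
import xml.etree.ElementTree as ET

# SAML 1.x assertion XML namespace; the attribute namespaces below are separate,
# deployment-chosen URIs and are not XML namespaces.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
ET.register_namespace("saml", SAML_NS)


def q(tag):
    """Clark-notation qualified tag name for ElementTree lookups."""
    return "{%s}%s" % (SAML_NS, tag)


def build_attribute_statement(name, security_domain, attributes,
                              issuer="idp.example.com"):
    """Return an Assertion element holding one AttributeStatement.

    `attributes` maps (attribute_namespace, attribute_name) -> list of values.
    The issuer and AssertionID are constructed placeholders.
    """
    assertion = ET.Element(q("Assertion"), {
        "MajorVersion": "1", "MinorVersion": "1",
        "AssertionID": "_assertion-id-placeholder",  # constructed placeholder
        "Issuer": issuer,
        "IssueInstant": "2009-12-03T10:02:00Z",
    })
    stmt = ET.SubElement(assertion, q("AttributeStatement"))
    subject = ET.SubElement(stmt, q("Subject"))
    ET.SubElement(subject, q("NameIdentifier"),
                  {"SecurityDomain": security_domain, "Name": name})
    for (ns, attr_name), values in attributes.items():
        attr = ET.SubElement(stmt, q("Attribute"),
                             {"AttributeName": attr_name, "AttributeNamespace": ns})
        for value in values:
            ET.SubElement(attr, q("AttributeValue")).text = value
    return assertion


def parse_attribute_statement(xml_text):
    """Parse an assertion; return ((security_domain, name), {(ns, attr): [values]}).

    An attribute without AttributeNamespace is rejected: an unqualified name
    cannot be matched safely against the policy that consumes it.
    """
    root = ET.fromstring(xml_text)
    stmt = root.find(q("AttributeStatement"))
    if stmt is None:
        raise ValueError("no AttributeStatement in assertion")
    ident = stmt.find("./%s/%s" % (q("Subject"), q("NameIdentifier")))
    if ident is None:
        raise ValueError("AttributeStatement has no Subject/NameIdentifier")
    subject = (ident.get("SecurityDomain"), ident.get("Name"))
    attrs = {}
    for attr in stmt.findall(q("Attribute")):
        ns = attr.get("AttributeNamespace")
        if not ns:
            raise ValueError("attribute %r has no AttributeNamespace"
                             % attr.get("AttributeName"))
        key = (ns, attr.get("AttributeName"))
        attrs.setdefault(key, []).extend(
            v.text or "" for v in attr.findall(q("AttributeValue")))
    return subject, attrs


def example_assertion_xml():
    """Serialise the overview's john.doe assertion plus a second attribute."""
    assertion = build_attribute_statement("john.doe", "example.com", {
        ("urn:example:hr", "Department"): ["Human Resources"],
        ("urn:example:finance", "SpendingLimit"): ["5000", "USD"],
    })
    return ET.tostring(assertion, encoding="unicode")


if __name__ == "__main__":
    xml = example_assertion_xml()
    print(xml)
    print(parse_attribute_statement(xml))
```

The parser deliberately keys on the (namespace, name) pair rather than the bare name: a relying party that compares only `AttributeName` would treat a "Department" asserted in the finance namespace and one asserted in the HR namespace as the same attribute, which is exactly the ambiguity the namespace qualification exists to remove.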
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]