Difference between revisions of "SAML assertions"

From Wiki @ Karl Jones dot com
Latest revision as of 05:36, 25 April 2016

In Security Assertion Markup Language (SAML), an assertion contains a packet of security information.

Description

Assertion structure:

 <saml:Assertion ...>
   ..
 </saml:Assertion>

Loosely speaking, a relying party interprets an assertion as follows:

Assertion A was issued at time t by issuer R regarding subject S provided conditions C are valid.

SAML assertions are usually transferred from identity providers to service providers. Assertions contain statements that service providers use to make access-control decisions.

Three types of statements are provided by SAML:

  • Authentication statements
  • Attribute statements
  • Authorization decision statements


Authentication statements assert to the service provider that the principal did indeed authenticate with the identity provider at a particular time using a particular method of authentication. Other information about the authenticated principal (called the authentication context) may be disclosed in an authentication statement.

An attribute statement asserts that a subject is associated with certain attributes.

An attribute is simply a name-value pair.

Relying parties use attributes to make access-control decisions.

An authorization decision statement asserts that a subject is permitted to perform action A on resource R given evidence E.

The expressiveness of authorization decision statements in SAML is intentionally limited.

More-advanced use cases are encouraged to use XACML instead.
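The relying-party reading above ("A issued at t by R about S, valid if C holds") and the three statement types, as an added example that is not from this wiki page or the SAML specification: a small Python evaluator over a constructed assertion. The issuer, audience, subject and attribute values are illustrative, and XML signature verification is assumed to have already happened.

```python
# Added example, not from the wiki page: parse a constructed SAML 2.0 assertion and
# apply the relying-party reading "A issued at t by R about S, valid if C holds".
# XML signature verification is out of scope here and must run before this check.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample; issuer, audience, subject and attribute values are illustrative only.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2016-04-25T05:36:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2016-04-25T05:35:00Z" NotOnOrAfter="2016-04-25T05:41:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2016-04-25T05:35:30Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>
  <saml:AttributeStatement><saml:Attribute Name="role"><saml:AttributeValue>editor</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
  <saml:AuthzDecisionStatement Resource="https://sp.example.com/docs" Decision="Permit">
    <saml:Action>read</saml:Action></saml:AuthzDecisionStatement>
</saml:Assertion>"""

def _ts(s):  # SAML timestamps are UTC xsd:dateTime; the sample uses whole seconds
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def evaluate(xml_text, trusted_issuers, my_audience, now_iso):
    """Return (accepted, reason, statements); statements are filled only on accept."""
    a, now = ET.fromstring(xml_text), _ts(now_iso)
    if a.findtext("saml:Issuer", namespaces=NS) not in trusted_issuers:  # issuer R
        return False, "untrusted issuer", {}
    c = a.find("saml:Conditions", NS)                                      # conditions C
    if c is None:
        return False, "no conditions", {}
    if now < _ts(c.get("NotBefore")):
        return False, "not yet valid", {}
    if now >= _ts(c.get("NotOnOrAfter")):  # NotOnOrAfter is exclusive
        return False, "expired", {}
    if my_audience not in [e.text for e in c.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        return False, "audience mismatch", {}
    stmts = {  # subject S plus the three SAML statement types, for the access-control layer
        "subject": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "authn": [(s.get("AuthnInstant"), s.findtext("saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS))
                  for s in a.findall("saml:AuthnStatement", NS)],
        "attrs": {t.get("Name"): t.findtext("saml:AttributeValue", namespaces=NS)
                  for t in a.findall("saml:AttributeStatement/saml:Attribute", NS)},
        "authz": [(s.get("Resource"), s.findtext("saml:Action", namespaces=NS), s.get("Decision"))
                  for s in a.findall("saml:AuthzDecisionStatement", NS)],
    }
    return True, "ok", stmts
```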

See also

External links

  • SAML assertions @ Wikipedia: https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language#SAML_Assertions