
mace-opensaml-users - RE: How to create authentication using SAML and Security concerns!

Subject: OpenSAML user discussion

  • From: "Wilcox, Mark" <>
  • To: <>, <>
  • Subject: RE: How to create authentication using SAML and Security concerns!
  • Date: Fri, 16 May 2003 12:11:46 -0400

I'm not sure you know what you're looking for :).
 
SAML provides a standard way for passing authorization statements around. It appears that much of this information is going to be demographic in nature (This request is from Mark Wilcox, he works at WebCT, Inc. We validated this based on his username and password verified against our LDAP server). This data is signed (and optionally completely encrypted) using Public Key Infrastructure -- normally X.509, not PGP (similar concept, different protocol).
 
What PKI provides is a greater level of trust between 2 sites so that you can more reliably base security decisions on information provided from the external site via SAML.
 
The risk factor in SAML is really no different than any other system like this. And the risk factors are IMHO outweighed by the benefits.
 
Mark
-----Original Message-----
From: [mailto:]
Sent: Sun 5/11/2003 3:10 PM
To:
Cc:
Subject: How to create authentication using SAML and Security concerns!

Hi!
I am trying to learn SAML. I have downloaded OpenSAML
and SAML from Phaos. I would like to implement
authorization and authentication for a web site using
SAML. How should I proceed? (I went through the
examples and documents SAML provides... but would like to
know how others are doing it and what the de facto standards are.)
And also, is there any document that talks about
potential security risks in using SAML? Does using
SAML provide any additional security than what the
browser is implementing? For example, SAML Assertions
can be signed using PGP. Does SAML provide any
additional layer of security than what PGP provides?

Thanks,
Harini Upadhyaya
