OASIS ebXML Messaging Services TC


SAML for Authentication vs SAML for Authorisation [SEC=UNCLASSIFIED]

  • 1.  SAML for Authentication vs SAML for Authorisation [SEC=UNCLASSIFIED]

    Posted 06-04-2014 00:21
    Hi All,

    I mentioned on the last call that a new way of using SAML tokens has emerged and that I was concerned that it did not follow the standard. In investigating further, I have learned that in this case, SAML has not been used as a part of authentication, rather as a part of authorisation as set out in section 7.10 of ebMS3 Core.

    I have written up a short discussion to illustrate the difference in mechanism. Please find attached.

    Regards,
    Ian Otto.

    Ian Otto
    Security Architect
    VANguard and Infrastructure Branch
    ICT Division
    __________________________________________
    Department of Industry
    SAP House, Level 8.49, Bunda Street, Canberra City ACT 2600
    GPO Box 9839, Canberra ACT 2601
    Ph: +61-2-6276 1660
    Fax: +61-2-6213 6684
    Mobile: +61 403 458 215
    Email: Ian.Otto@innovation.gov.au
    Internet: http://www.innovation.gov.au
    ABN 74 599 608 295

    Attachment: For and Against SAML Bearer Token in ebMS3.docx
