OASIS: Integrating Standards for Web Services, Business Processes

SAML 2.1
Building on Success
Outline

- Summary of SAML 2.0
- Work done since 2.0
- Objectives of SAML 2.1
- Proposed Task List
- Undecided Issues
- Invitation to Participate

Status Overview

- SAML 2.0 - OASIS Standard - March 2005
- ITU-T Rec. X.1141 - June 2006
- Work since 2005 has consisted of defining additional Profiles:
  - 3 OASIS Standards
  - 24 Committee Specifications
  - 1 Committee Draft
  - Errata & Updated Technical Overview

SAML Deployments

Do we need to say something about successful deployments of SAML here?

SAML 2.0 Specifications

- Conformance Requirements: required “Operational Modes” for SAML implementations
- Assertions and Protocols: the “Core” specification
- Bindings: maps SAML messages onto common communications protocols
- Profiles: “How-to’s” for using SAML to solve specific business problems
- Authentication Context: detailed descriptions of user authentication mechanisms
- Metadata: configuration data for establishing agreements between SAML entities
- Security and Privacy Considerations: security and privacy analysis of SAML 2.0
- Glossary: terms used in SAML 2.0

Post 2.0 Profiles by Category

Category                Number of Profiles
Metadata                7
Attributes              2
Holder-of-Key           2
Deployment              2
New Protocols           4
Authentication Context  3
Kerberos                3
Other                   5

Errata and Non-normative

- Approved Errata
  - Official under the OASIS TC process
- SAML 2.0 Technical Overview
  - Greatly improved
  - Many diagrams, use cases, etc.

SAML 2.1 Objectives

- Make specifications easier to use
- Retain backward compatibility
- Improve specification quality
- Make small improvements

Improve Usability

- Apply errata
- Remove deprecated text
- Provide everything needed to implement a component (e.g. SP) in one place
- Provide detailed guidance on how to counter threats

Backward Compatibility

- Retain formats, protocols, namespaces, except to correct errors
- Retain interoperability with deployed implementations
  - Where not possible, minimize and clearly identify differences
- Retain Version=“2.0” in XML

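The compatibility rule above (keep the 2.0 namespaces and Version=“2.0” so deployed consumers keep working) is something a consuming implementation can check before it processes a message. The Python below is an added example, not code from the deck or from any OASIS artifact; the function name is assumed and the sample messages are constructed.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 namespace URIs and the version string a 2.0 consumer expects.
NS_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
SUPPORTED_VERSION = "2.0"


def check_saml_version(xml_text: str) -> dict:
    """Assumed helper: parse a SAML protocol message and report whether its
    root namespace and every Version attribute match what a SAML 2.0
    consumer accepts. Raises ValueError on malformed or foreign XML."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    # ElementTree spells a qualified tag as '{namespace-uri}local-name'.
    if not root.tag.startswith("{" + NS_PROTOCOL + "}"):
        raise ValueError(f"unexpected root namespace in {root.tag}")
    root_version = root.get("Version")
    assertion_versions = [
        a.get("Version") for a in root.iter("{" + NS_ASSERTION + "}Assertion")
    ]
    versions = [root_version] + assertion_versions
    return {
        "element": root.tag.split("}", 1)[1],
        "version": root_version,
        "assertion_versions": assertion_versions,
        # A deployed 2.0 consumer can only accept what it already knows.
        "compatible": all(v == SUPPORTED_VERSION for v in versions),
    }


# Constructed sample: a minimal Response carrying one Assertion, both marked
# Version="2.0" as the deck proposes 2.1 implementations keep doing.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2013-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2013-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.org</saml:Issuer>
  </saml:Assertion>
</samlp:Response>"""

# Constructed counter-example: the same message with an Assertion labelled
# with a version string a 2.0 consumer does not know.
SAMPLE_UNKNOWN = SAMPLE_RESPONSE.replace('ID="_a1" Version="2.0"', 'ID="_a1" Version="2.1"')
```

Calling `check_saml_version(SAMPLE_RESPONSE)` reports the message as compatible, while `SAMPLE_UNKNOWN` is flagged because the enclosed Assertion carries an unknown version.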
Improve Specification Quality

- Incorporate popular Profiles in core
- Update normative references
  - e.g. XML Signature
- Re-factor Conformance Requirements
- Better integration of Metadata
  - Some Metadata support mandatory

Uncommitted Work

- Add minor extension Profiles to core
- Improved SSO based on field experience
- Use HTML5 features
- Additional session semantics
- Limited unlinkability between SP and IDP
- Emphasize data format compatibility
- Remove unused features

Get Involved

- An opportunity to influence the future of SAML
- Resolve issues your organization has with SAML
- Join the Security Services TC
- All work available online and by email
- Telephone meetings alternate Tuesdays 12:00 PM ET

Questions?