|
Identity Provider (SAML)
A SAML identity provider is a system entity that issues authentication assertions in conjunction with a single sign-on (SSO) profile of the Security Assertion Markup Language (SAML). In the SAML domain model, a ''SAML authority'' is any system entity that issues SAML assertions. Two important examples of SAML authorities are the authentication authority and the attribute authority. Definition A ''SAML authentication authority'' is a system entity that produces SAML authentication assertions. Likewise a ''SAML attribute authority'' is a system entity that produces SAML attribute assertions. A SAML authentication authority that participates in one or more SSO Profiles of SAML is called a ''SAML identity provider'' (or simply ''identity provider'' if the domain is understood). For example, an authentication authority that participates in SAML Web Browser SSO is an identity provider that performs the following essential tasks: # receives a SAML authentication request from a rely ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Assertion Markup Language
Security Assertion Markup Language (SAML, pronounced ''SAM-el'', ) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). SAML is also: * A set of XML-based protocol messages * A set of protocol message bindings * A set of profiles (utilizing all of the above) An important use case that SAML addresses is web-browser single sign-on (SSO). Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending SSO across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The SAML Web Browser SSO profile was specified and standardized to promote interoperability.J. Hughes et al. ''Profiles for the OASIS Security Assertion Markup Langu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Service Provider (SAML)
A SAML service provider is a system entity that receives and accepts authentication assertions in conjunction with a single sign-on (SSO) profile of the Security Assertion Markup Language (SAML). In the SAML domain model, a ''SAML relying party'' is any system entity that receives and accepts information from another system entity. Of particular interest is a SAML relying party that receives and accepts a SAML assertion issued by a SAML authority. An important type of SAML authority is the SAML identity provider, a system entity that issues authentication assertions in conjunction with an SSO profile of SAML. A relying party that consumes such assertions is called a ''SAML service provider'' (or simply ''service provider'' if the domain is understood). Thus ''a SAML service provider is a system entity that receives and accepts an authentication assertion issued by a SAML identity provider.'' See also * Security Assertion Markup Language Security Assertion Markup Language (SAML ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SAML Metadata
The SAML metadata standard belongs to the family of XML-based standards known as the Security Assertion Markup Language (SAML) published by OASIS (organization), OASIS in 2005. A SAML metadata document describes a SAML deployment such as a identity provider (SAML), SAML identity provider or a service provider (SAML), SAML service provider. Deployments share metadata to establish a baseline of trust and interoperability. Overview To securely interoperate, partners share metadata in whatever form and by whatever means possible. In any case, at least the following metadata must be shared: * Entity ID * Protocol endpoints (bindings and locations) Every SAML system entity has an entity ID, a globally-unique identifier used in software configurations, relying-party databases, and client-side cookies. On the wire, every SAML protocol message contains the entity ID of the issuer. For authentication purposes, a SAML message may be digitally signed by the issuer. To verify the signature ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Identity Provider
An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. Identity providers offer user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be ''federated'', that is, it consumes federated identity. An identity provider is “a trusted provider that lets you use single sign-on (SSO) to access other websites.” SSO enhances usability by reducing password fatigue. It also provides better security by decreasing the potential attack surface. Identity providers can facilitate connections between cloud computing resources and users, thus decreasing the need for users to re-authenticate when using mobile and roaming applications. Types of identity provid ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
