orchard-maler assertion proposal saml f2f #3 david orchard, eve maler this presentation will...
TRANSCRIPT
Orchard-MalerAssertion Proposal
SAML F2F #3
David Orchard,
Eve Maler
Outline
PrinciplesPrinciple: Top-typingPrinciple: Namespaces and SchemaPrinciple: Vocabulary re-useQueriesResponsesAssertion PackagesSubject AssertionAttribute AssertionAuthorization AssertionClaim vs Assertion
Principles
“Constrain Early and Often”– Top-typing
Fully leverage Namespaces and Schema for extensibility and re-use– Extension mechanisms– Attribute Values– Subject Assertions
Re-use Existing vocabularies– Ie Xquery if complex Queries
Usage of AttributesOptimize for the Simple cases
Principle:Top-Typing
OM defines cardinalities for all assertions– Ie subjectAssertion MUST have 1 subject
Assertions are not re-used for queriesIf Assertions re-used, should be
additional types(s)Cardinalities of 0..* for all elements have
dubious type safety.
Principle:Namespaces & SchemaWherever possible, use namespaces for
mixing content and schema for extensibility
All Assertions are types– Place for adding new Assertions– Subject Assertions have a required subject
• Reduces need for 3+ subject references• And allows SubjectAssertionsPackage
Attributes are vocabulary specific– Mixed in using Schema wildcard, <any>– Attributes are in attribute language, not
SAML language
Principle: Vocabulary re-use
Never re-invent the wheel, unless our wheel is much simpler than others
IFF we have complex queries, then re-use Xquery
Allow vocabularies to define their own attributes
Request
Contain a queryCurrently Xquery
– Allows complex Queries– Clients loosely coupled to Server
• Clients can change queries without changing the specification
– High performance– Allows queries against XML defined attributes
Also contains optional SubjectAssertionPackage– For passing in subject info, like
authentication, attribute assertions
Response
Contain AssertionsPackageLittle controversy here
AssertionsPackage
Container for AssertionsLittle controversy here
SubjectAssertions & SAPackage
Assertions that contain a subjectExample of Top-typing in actionAttribute, Authentication,
AuthorizationAssertions do not need to declare subject
SubjectAssertionsPackage can make use of, so it’s stronger typed than Assertions Package
AuthorizationAssertion
Binds resources, permissions to subjects
Used for query operations– How does one ask “Can alice Read Y”
without one of these?Optimized for simple case– 1 subject has 1 permission for 1 resource
Possible for multiple resources by having multiple Resources and/or Permissions– Or multiple AuthorizationAssertions
AttributeAssertion
Contains attributes for a subjectThe use of XML Schema wildcard
allows arbitrary elementsWe expect these are defined in
external vocabulariesOptimized for the simple case,
which is 1 XML vocabulary that expresses open-ended attribs.
Claim vs Assertion
OM defines an Assertion as facts relating to 1 subject– Attributes, Authentication, Authorization
Further allows arbitrary # of attribute facts, yet only 1 authorization fact per assertion
This difference in style is due to the source of the facts.– Attributes are defined externally, so there is
no way for SAML to control how many– Authorizations are defined by SAML, so
SAML can control an assertion to exactly 1.