Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAML CCOW Work Item: Task 2

Published byChristian Schmidt Modified over 10 years ago

Similar presentations

Presentation on theme: "SAML CCOW Work Item: Task 2"— Presentation transcript:

1 SAML CCOW Work Item: Task 2
Presented by: David Staggs, JD CISSP VHA Office of Information Standards The project includes two tasks: Task1: To provide Context Participants a way to obtain SAML assertions about the user in context. Task2: Establishing the user into context using a SAML assertion. VA: task 2, auth to SAML, CM gets ID from assertion for use with other participants. Agent extracts user ID and starts a countdown clock for the next assertion. HL7 Working Group Meeting Phoenix – May

2 Introduction: Project Scope
Integration of CCOW with Security Assertion Markup Language (SAML) tokens. SAML allows the exchange of authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions).

3 TASK 2 Description and Use Case
Establishing the user into context using a SAML assertion. USE Case: Security SOA where user authentication and authorizations are determined at network level. Authentication services provide universal SSO for all applications CCOW CM viewed authentication middleware for CCOW enabled applications and COTS products not SOA aware

4 Types of SAML Assertions
Authentication: The specified subject was authenticated by a particular means at a particular time Attribute: The specified subject is associated with the supplied attributes Authorization Decision: A request to allow the specified subject to access the specified resource has been granted or denied

5 Notional Design: getting into context
Authentication – source of the assertion Authentication Service authenticates the user directly SAML Authority passes identity/attribute assertions to Context Manager CM –assertion parsed for user id information Mapped to logon names from User Mapping Agent CM-Passed User to applications as normal ISSUE-How is Assertion Time to Live/Re-assertion managed? ISSUE-How is Assertion Time to Live/Re-assertion managed: could use a time out to warn user that a new assertion needed in 5 minutes, etc. Need to research, look at how shibboleth does is.

6 SAML IdP CCOW APP 1 CCOW APP Context Manager 2 CCOW APP Provide SAML
Assertion CCOW APP Context Manager Provide username 2 CCOW APP Patient Context

7

8 Bearer Type Authentication Assertion
The subject of the assertion is the bearer of the assertion, subject to optional constraints on confirmation using the attributes that may be present in the <SubjectConfirmationData> element. Example: The bearer of the assertion can confirm itself as the subject, provided the assertion is delivered in a message sent to “ before 1:37 PM GMT on May 9th, 2008, in response to a request with ID "_ ". Could we use a coupon for the ID?

Download ppt "SAML CCOW Work Item: Task 2"

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
PASSPrivacy, Security and Access Services Don Jorgenson Introduction to Security and Privacy Educational Session HL7 WG Meeting- Sept. 2012.

PASSPrivacy, Security and Access Services Don Jorgenson Introduction to Security and Privacy Educational Session HL7 WG Meeting- Sept
FAME-PERMIS Project University of Manchester University of Kent London, July 2006.

FAME-PERMIS Project University of Manchester University of Kent London, July 2006.
CS 5511 Introduction to WS Authorization Brian P. Barrett.

CS 5511 Introduction to WS Authorization Brian P. Barrett.
Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.

Step Up Authentication in SAML (and XACML) Hal Lockhart February 6, 2014.
X509-bindings-profiles-sep061 Bindings and Profiles for Attribute-based Authz in the Grid Tom Scavo NCSA.

X509-bindings-profiles-sep061 Bindings and Profiles for Attribute-based Authz in the Grid Tom Scavo NCSA.
OOI-CI–Ragouzis–2007.10.15 Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop 17-19 October 2007.

OOI-CI–Ragouzis– Ocean Observatories Initiative Cyberinfrastructure Component CI Design Workshop October 2007.
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.

Saml-v2_0-intro-dec051 Security Assertion Markup Language An Introduction to SAML 2.0 Tom Scavo NCSA.
1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.

1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
Authz work in GGF David Chadwick

Authz work in GGF David Chadwick
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.

December 19, 2006 Solving Web Single Sign-on with Standards and Open Source Solutions Trey Drake AssetWorld 2007 Albuquerque, New Mexico November 2007.
Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.

Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.
95-804 Applied Cryptography Week 13 SAML 1 95-804 Applied Cryptography SAML and XACML Mike McCarthy Week 13.

Applied Cryptography Week 13 SAML Applied Cryptography SAML and XACML Mike McCarthy Week 13.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Similar presentations

Ads by Google