Comments on SAML Attribute Mgmt Protocol Contribution to OASIS Security Services TC Phil Hunt & Prateek Mishra ©2009 Oracle

Agenda Comments/Enhancements to NSN ManageAttributeRequest Privacy Enhanced SAML (C) 2009 Oracle Corporation

Summary Full Modify Capability Must be able to modify attributes with multi-value support E.g. add/drop subject to a group/role (without enumerating all members) Add Subject and Delete Subject Re-direct Response Provider can re-direct management to other IDP Start with non-discovery, single-step, solution Move SAML from SSO to single-attribute provider Enterprise IDM features Multi-provider, Discovery and Routing builds in future revision (e.g. a la ID-WSF) (C) 2009 Oracle Corporation

Use Cases Builds on NSN Use Cases but adds - Attribute Value Manipulation Ability to add/remove a subject to a target group Avoids set/get privacy/performance issue Reporting The ability to return one or more subjects based on a filter Phone book query Optional filter terms, max results specs Credential recovery? Does that IDP know my address? (C) 2009 Oracle Corporation

Why As SAML? Better to stay within a single protocol when interacting with an authority ID-WSF Discovery/WSDL model is workable, but involves major application and market change (bootstrap issue) Want to create a stepping stone in between Multi-protocol increase client app complexity Reduce barriers to use of SAML Attributes Middle-ground & Migration Pure federation suggests apps never store data Old world - RDBMS – apps own and manage data in silo Middle-ground – apps maintain data cooperatively by policy (C) 2009 Oracle Corporation

ManageSubject Request (C) 2009 Oracle Corporation

Notes Delete Handled by ManageNameIDRequest - Terminate New Response Allow IDP to issue referral/redirect response for ManageSubjectRequest & ManageNameIDRequest Allows minimal auto-routing to update providers (C) 2009 Oracle Corporation

AddSubject Subject identifier may be missing (IDP generates) Response must contain generated subject identifer (C) 2009 Oracle Corporation

ModifySubject (C) 2009 Oracle Corporation

Modify Responses Build on NSN proposal as required Can referrals be issued for specific attributes? (C) 2009 Oracle Corporation

Privacy Enhanced SAML Addition of metadata to SAML protocols to enable exchange of privacy constraints Use element to add IGF Privacy Extension to any SAML request / response (C) 2009 Oracle Corporation

IGF Privacy Extension (C) 2009 Oracle Corporation

IGF Basics CARML – Client Attribute Requirements Markup Language An XML document describing transactions, schema, and governing privacy constraints of an application Privacy Constraints WS-Policy based Information policy / Not protocol policy Describe one of more privacy related constraints on the use/propagation/storage of personal information Can be static or dynamically asserted (C) 2009 Oracle Corporation

IgfPrivacy Element Describes the location of a static CARML document containing transaction declarations, schema, and privacy constraints CARML document not usually transferred with every operation. These are long-lived application specific static declarations. DynPolicyStatements allow dynamic privacy constraints to be associated with particular attributes in a transactions E.g. subject specific constraint (due to consent limitation) (C) 2009 Oracle Corporation