ICAM SAML 2.0 WB SSO Profile 1.0.2

From IDESG Wiki
Revision as of 04:00, 28 June 2018 by Omaerz (talk | contribs) (3 revisions imported: Initial Upload of old pages from IDESG Wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Title: Security Assertion Markup Language (SAML) 2.0 Web Browser Single Sign-on (SSO) Profile


Category: Authentication Protocol Interoperability Profile


Date: 12/16/2011


Creator: ICAM


URL: http://www.idmanagement.gov/documents/SAML20_Web_SSO_Profile.pdf


Description: A SAML 2.0 deployment profile designed to meet Federal government requirements and minimize government risk, promote a consistent user experience and maximize interoperability. It includes three SAML features: single signon, session reset and attribute exchange. It does not require the use of any specific attributes in the authentication exchange, provide a discovery mechanism for attributes, nor discuss the impact of Backend


Privacy: Implementers are referred to FICAM TFPAP Section 3.3 and advised that many of those privacy principles can be achieved outside the scope of SAML.


Security: The document is an information security profile. It requires IdPs and RPs to use "approved cryptographic modules per [FIPS140]" but does not clearly specify whether FIPS 140-2 certification is required, nor what security level.


Interoperability: The document promotes interoperability by providing a common SAML 2.0 profile.


Terms: Account, Approved, Assert, Authentication Session, Binding, Consolidated Metadata, Digital Encryption, Digital Signature, Discovery, Extensible Markup Language, Holder-of-key Assertion, Identity Provider, Metadata, Persistent, Protected Session, Pseudonymous Identifier, Security Assertion Markup Language, Security Token Service, Signature Verification