BAE SAML 2.0 Profiles

From IDESG Wiki

Title: Security Assertion Markup Language (SAML) 2.0 Identifier and Protocol Profiles for Backend Attribute Exchange (BAE) v2.0


Category: Authentication Protocol Interoperability Profile


Date: 1/23/2012


Creator: ICAM


URL: http://www.idmanagement.gov/documents/BAE_v2_SAML2_Profile_Final_v1.0.0.pdf


Description: A SAML 2.0 profile to support direct or brokered attribute exchange over the Backend Attribute Exchange system. It supports names based on FASC-N (from a PIV authentication certificate), UUID (from a PIV-I authentication certificate) or a general X.509 Subject Distinguished Name. It provides a mechanism for looking up sources of metadata information from a repository, based on the FASC-N for government users, and on the AKI and organization name for non-government PIV-I users.


Privacy: The document recommends, but does not require, that BAE servers not store user identities in log files.


Security: The document is an information security profile. It promotes security by specifying a mechanism for relying parties to obtain user attributes.


Interoperability: The document promotes interoperability by providing a common profile for BAE messages.


Terms: