ICAM SAML 2.0 WB SSO Profile 1.0.2

From IDESG Wiki

Title: Security Assertion Markup Language (SAML) 2.0 Web Browser Single Sign-on (SSO) Profile


Category: Authentication Protocol Interoperability Profile


Date: 12/16/2011


Creator: ICAM


URL: http://www.idmanagement.gov/documents/SAML20_Web_SSO_Profile.pdf


Description: A SAML 2.0 deployment profile designed to meet Federal government requirements and minimize government risk, promote a consistent user experience and maximize interoperability. It includes three SAML features: single sign-on, session reset and attribute exchange. It does not require the use of any specific attributes in the authentication exchange, provide a discovery mechanism for attributes, nor discuss the impact of Backend


Privacy: Implementers are referred to FICAM TFPAP Section 3.3 and advised that many of those privacy principles can be achieved outside the scope of SAML.


Security: The document is an information security profile. It requires IdPs and RPs to use "approved cryptographic modules per [FIPS140]" but does not clearly specify whether FIPS 140-2 certification is required, nor what security level.


Interoperability: The document promotes interoperability by providing a common SAML 2.0 profile.


Terms: Account, Approved, Assert, Authentication Session, Binding, Consolidated Metadata, Digital Encryption, Digital Signature, Discovery, Extensible Markup Language, Holder-of-key Assertion, Identity Provider, Metadata, Persistent, Protected Session, Pseudonymous Identifier, Security Assertion Markup Language, Security Token Service, Signature Verification