About: Security Assertion Markup Language (SAML) is a research topic. Over its lifetime, 236 publications have been published within this topic, receiving 3686 citations. The topic is also known as: SAML.
TL;DR: This paper provides formal models of the protocol for one of the most widely applied use-case scenarios (SP-initiated SSO with Redirect/POST bindings) and of a variant of the protocol implemented by Google and in use by Google's customers (the SAML-based SSO for Google Applications), and mechanically analyses these models with SATMC, a state-of-the-art model checker for security protocols; the analysis revealed a flaw in Google's variant that lets a dishonest service provider impersonate a user at another service provider.
Abstract: Single-Sign-On (SSO) protocols enable companies to establish a federated environment in which clients sign in to the system once and yet are able to access services offered by different companies. The OASIS Security Assertion Markup Language (SAML) 2.0 Web Browser SSO Profile is the emerging standard in this context. In this paper we provide formal models of the protocol corresponding to one of the most applied use-case scenarios (the SP-Initiated SSO with Redirect/POST Bindings) and of a variant of the protocol implemented by Google and currently in use by Google's customers (the SAML-based SSO for Google Applications). We have mechanically analysed these formal models with SATMC, a state-of-the-art model checker for security protocols. SATMC has revealed a severe security flaw in the protocol used by Google that allows a dishonest service provider to impersonate a user at another service provider. We have also reproduced this attack in an actual deployment of the SAML-based SSO for Google Applications. This security flaw of the SAML-based SSO for Google Applications was previously unknown.
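The abstract states only the outcome of the attack (a dishonest service provider impersonates a user at another service provider), not its mechanism. The class of attack that produces that outcome is an assertion relay: if the IdP's authentication assertion is not bound to the service provider that requested it, or the consuming SP does not check that binding, an assertion the user obtained at one SP can be POSTed to another. The model below is an added example written for this page, not code from the paper or from SATMC; it stands in for the SP-initiated SSO flow with Redirect/POST bindings, replaces the XML signature with an HMAC over the assertion fields, and uses made-up hostnames, keys and users.

```python
"""Model of SAML SP-initiated SSO (Redirect/POST bindings) and an assertion-relay attack.

Added example, not code from the paper. The IdP's XML signature is replaced by an
HMAC over the canonical assertion fields; hostnames, keys and the user are made up.
"""
import hashlib
import hmac
import json
import secrets
import time

IDP = "idp.example"               # hypothetical identity provider
IDP_KEY = b"idp-signing-key"      # stands in for the IdP's signing key / certificate


def sign(assertion: dict) -> str:
    """Stand-in for the XML signature the IdP places on an assertion."""
    canonical = json.dumps(assertion, sort_keys=True).encode()
    return hmac.new(IDP_KEY, canonical, hashlib.sha256).hexdigest()


class IdP:
    def authenticate(self, user: str, authn_request: dict, bind_to_sp: bool) -> dict:
        """Issue the response the user's browser will POST to the SP.

        bind_to_sp=False models an assertion that names the user and the issuer but
        not the SP it was issued for (no Audience / InResponseTo)."""
        assertion = {"issuer": IDP, "subject": user,
                     "not_on_or_after": time.time() + 300}
        if bind_to_sp:
            assertion["audience"] = authn_request["issuer"]
            assertion["in_response_to"] = authn_request["id"]
        return {"assertion": assertion, "signature": sign(assertion)}


class SP:
    def __init__(self, name: str, strict: bool):
        self.name = name
        self.strict = strict          # whether the consumer checks the SP binding
        self.pending = {}             # outstanding AuthnRequest IDs -> RelayState

    def authn_request(self, relay_state: str = "/") -> dict:
        """Redirect binding: the SP sends the browser to the IdP with this request."""
        req_id = "_" + secrets.token_hex(8)
        self.pending[req_id] = relay_state
        return {"id": req_id, "issuer": self.name}

    def consume(self, response: dict) -> tuple:
        """POST binding: the assertion consumer service validates the response."""
        a = response["assertion"]
        if not hmac.compare_digest(sign(a), response["signature"]):
            return None, "bad signature"
        if a["issuer"] != IDP:
            return None, "unknown issuer"
        if time.time() >= a["not_on_or_after"]:
            return None, "expired"
        if self.strict:
            # The checks that tie the assertion to this SP and to one of its own requests.
            if a.get("audience") != self.name:
                return None, "audience mismatch"
            if a.get("in_response_to") not in self.pending:
                return None, "no matching outstanding request"
            del self.pending[a["in_response_to"]]     # one response per request
        return a["subject"], "ok"


def relay_attack(bind_to_sp: bool, victim_strict: bool) -> tuple:
    """A dishonest SP reuses the assertion a user obtained for it at another SP."""
    idp = IdP()
    evil = SP("evil.example", strict=False)
    victim = SP("bank.example", strict=victim_strict)
    # 1. The user signs in to evil.example; the IdP answers with an assertion for that SP.
    response = idp.authenticate("alice", evil.authn_request(), bind_to_sp)
    # 2. evil.example POSTs that response to bank.example's assertion consumer service.
    return victim.consume(response)


def legitimate_login(strict: bool = True) -> tuple:
    """Honest flow at one SP, followed by a replay of the same response."""
    idp, sp = IdP(), SP("bank.example", strict=strict)
    response = idp.authenticate("alice", sp.authn_request(), bind_to_sp=True)
    first = sp.consume(response)
    replay = sp.consume(response)
    return first, replay
```

Running the four combinations of `relay_attack` shows that both halves are needed: an assertion without Audience/InResponseTo is accepted everywhere, and an assertion that carries them is still accepted by an SP that does not check them. Only the strict consumer rejects the relay (audience mismatch) and the replay (no outstanding request).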
TL;DR: This document describes an access provisioning system that gives support representatives access to applications deployed in an enterprise network environment by defining a support user class in a user profile database.
Abstract: Embodiments are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read-only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, and thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system.
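The abstract describes an assertion that both authenticates the support representative and carries the privileges the administrator granted, which the application then enforces. The example below is added for this page and is not the patent's code: it builds a SAML 2.0 assertion (real element names and namespace) with an AuthnStatement and an AttributeStatement, and an application-side check that reads the privileges back out. The attribute names `role` and `privilege:<resource>`, the hostnames and the policy are assumptions; the XML signature an issuer would add, and its verification before any attribute is trusted, are not modelled.

```python
"""Support-representative access carried in a SAML 2.0 assertion.

Added example, not the patent's code. Element names and the namespace are SAML 2.0;
the attribute names, hosts and policy are assumptions. Signing is not modelled.
"""
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PASSWORD_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
ET.register_namespace("saml", SAML_NS)


def q(tag: str) -> str:
    """Namespace-qualify a SAML element name for ElementTree."""
    return f"{{{SAML_NS}}}{tag}"


def build_support_assertion(issuer: str, subject: str, audience: str,
                            granted: dict, minutes: int = 15) -> str:
    """Assertion the provisioning system issues when a support user asks for access.

    granted maps resource -> set of allowed actions, e.g. {"metadata": {"read"}}."""
    now = datetime.now(timezone.utc)
    a = ET.Element(q("Assertion"), {"ID": "_" + secrets.token_hex(8), "Version": "2.0",
                                    "IssueInstant": now.strftime(TIME_FMT)})
    ET.SubElement(a, q("Issuer")).text = issuer
    ET.SubElement(ET.SubElement(a, q("Subject")), q("NameID")).text = subject
    cond = ET.SubElement(a, q("Conditions"), {
        "NotBefore": now.strftime(TIME_FMT),
        "NotOnOrAfter": (now + timedelta(minutes=minutes)).strftime(TIME_FMT)})
    ET.SubElement(ET.SubElement(cond, q("AudienceRestriction")), q("Audience")).text = audience
    authn = ET.SubElement(a, q("AuthnStatement"), {"AuthnInstant": now.strftime(TIME_FMT)})
    ET.SubElement(ET.SubElement(authn, q("AuthnContext")), q("AuthnContextClassRef")).text = PASSWORD_CLASS
    attrs = ET.SubElement(a, q("AttributeStatement"))
    ET.SubElement(ET.SubElement(attrs, q("Attribute"), {"Name": "role"}),
                  q("AttributeValue")).text = "support"
    for resource, actions in granted.items():          # assumed attribute naming
        att = ET.SubElement(attrs, q("Attribute"), {"Name": f"privilege:{resource}"})
        for action in sorted(actions):
            ET.SubElement(att, q("AttributeValue")).text = action
    return ET.tostring(a, encoding="unicode")


def parse_privileges(assertion_xml: str, expected_audience: str) -> dict:
    """Application side: validity window, audience and support role, then the privileges.

    A real consumer verifies the XML signature before trusting any of these values."""
    a = ET.fromstring(assertion_xml)
    now = datetime.now(timezone.utc)
    cond = a.find(q("Conditions"))
    not_before = datetime.strptime(cond.get("NotBefore"), TIME_FMT).replace(tzinfo=timezone.utc)
    not_after = datetime.strptime(cond.get("NotOnOrAfter"), TIME_FMT).replace(tzinfo=timezone.utc)
    if not (not_before <= now < not_after):
        raise ValueError("assertion outside its validity window")
    audiences = [e.text for e in a.iterfind(f"{q('Conditions')}/{q('AudienceRestriction')}/{q('Audience')}")]
    if expected_audience not in audiences:
        raise ValueError("assertion not issued for this application")
    attrs = {}
    for att in a.iterfind(f"{q('AttributeStatement')}/{q('Attribute')}"):
        attrs[att.get("Name")] = {v.text for v in att.iterfind(q("AttributeValue"))}
    if "support" not in attrs.get("role", set()):
        raise ValueError("subject is not an authorized support user")
    return {name.split(":", 1)[1]: values
            for name, values in attrs.items() if name.startswith("privilege:")}


def authorize(assertion_xml: str, audience: str, action: str, resource: str) -> bool:
    """Allow the action only if the assertion is valid here and grants it explicitly."""
    try:
        privileges = parse_privileges(assertion_xml, audience)
    except ValueError:
        return False
    return action in privileges.get(resource, set())
```

With the default grant of read-only metadata access, `authorize` permits `read` on `metadata` and refuses `modify`, any other resource, and any assertion whose audience is a different application; an administrator who wants the "possibly modify" case from the abstract adds `modify` to the grant rather than changing the consumer.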
TL;DR: In this article, an identity session initiation protocol (SIP) application server is configured to act as a security assertion markup language (SAML) bridge, which allows a SIP-enabled device or a non-SIP-enabled device to attach to a telecommunications service provider network.
Abstract: A system and method to support identity theft protection and, in particular, to a system and method for supporting identity theft protection as part of a distributed service oriented ecosystem in Internet protocol (IP) multimedia subsystem (IMS) and non-IMS networks. The system includes an identity session initiation protocol (SIP) application server configured to act as a security assertion markup language (SAML) bridge, which allows a SIP-enabled device or a non-SIP-enabled device to attach to a telecommunications service provider network. A user may accept or reject an authorization request using the SIP-enabled device or non-SIP-enabled device.
TL;DR: In this article, a self-governing, self-healing and self-optimizing policy oriented grid architecture is proposed, which includes a hosting service configured for use in a computing grid.
Abstract: A self-governing, self-healing and self-optimizing policy oriented grid architecture. The architecture can include a hosting service configured for use in a computing grid. The hosting service can include a Web service; grid instrumentation coupled to the Web service; a Web service descriptive document; and, a service policy element disposed in the Web service descriptive document. The Web service descriptive document can include a WSDL type document. Moreover, at least one WSLA can be referenced in the WSDL type document. Notably, the service policy element can include at least one policy selected from the group consisting of a security assertion and a business rule. The security assertion can include a security assertion markup language (SAML) formatted authentication statement having a subject specifying a role identifier.
TL;DR: This work considers the design of security protocols based on XML and Web services and focuses on the Liberty-enabled client and proxy (LECP) profile, which assumes a special protocol-aware client (the enabled client).
Abstract: Web single-sign-on protocols, such as Microsoft Passport, OASIS's Security Assertion Markup Language (SAML), and the Internet2 project Shibboleth, aim to solve security problems by letting individuals log in to many Internet services while authenticating only once, or at least always in the same way. Enterprises hope that single-sign-on protocols will significantly decrease customer-care costs due to forgotten passwords and increase e-commerce transactions by enhancing the user experience. Commercial interest centers on distributed enterprises and on small federations of enterprises with existing business relationships, such as supply chains. We concentrate on the Liberty-enabled client and proxy (LECP) profile. The LECP protocol assumes a special protocol-aware client (the enabled client). We also consider the design of security protocols based on XML and Web services.