Abstract
Coordination of different administrative domains involves several security concerns, especially from an authorization point of view. SAML is getting a lot of popularity as a language that can be used to bridge several isolated authorization systems in order to provide a common interface in a shared target scenario. In this paper, we present a Credential Conversion Service (CCS) that converts non-SAML credentials into SAML assertions following the rules of a conversion policy. CCS provides two different profiles governing how to exchange SAML assertions, and also defines some extensions to SAML in order to express the syntax and semantics of our CCS.
Partially supported by IST-2001-32161, IST-2002-001929 and PB/32/FS/02
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cantor, S., Erdos, M.: Shibboleth-Architecture (May 2002), Internet 2 Draft
Chadwick, D.W., Otenko, A., Ball, E.: Role-Based access control with X.509 Attribute Certificates. IEEE Internet Computing 7(2), 62–69 (2003)
Cnovas, O., Gmez, A.F.: A Distributed Credential Management System for SPKI-Based Delegation Systems. In: Proceedings of 1st Annual PKI Research Workshop, April 2002, pp. 65–76 (2002)
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI certificate theory (September 1999), Request For Comments (RFC) 2693
Farrel, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization. Internet Engineering Task Force (April 2002), Request for Comments (RFC) 3281
Hughes, J.: SAML 2.0 - Kerberos use cases (September 2003), OASIS draft
Kornievskaia, O., Honeyman, P., Doster, B., Coffman, K.: Kerberized Credential Translation: A Solution to Web Access Control. In: Proceedings of 10th Usenix Security Symposium (2001)
Maler, E., Mishra, P., Philpott, R.: Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1 (September 2003), OASIS Standard
Maler, E., Mishra, P., Philpott, R.: Bindings and Profiles for the OASIS Security Assertion Markup Language (SAML) V1.1 (September 2003), OASIS Standard
Pearlman, L., Kesselman, C., Welch, V., Foster, I., Tuecke, S.: The community authorization service: Status and future. In: Proceedings of CHEP 2003 (2003)
Siebenlist, F., Welch, V., Tuecke, S., Foster, I., Nagaratnam, N., Janson, P., Dayka, J., Nadalin, A.: OGSA Security Roadmap. Internet Engineering Task Force (July 2002), Global Grid Forum Specification Roadmap towards a Secure OGSA
Welch, V., Siebenlist, F., Chadwick, D., Meder, S., Pearlman, L.: Use of SAML for OGSA Authorization (January 2004), Global Grid Forum draft
Welch, V., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K.: Security for grid services. In: Proceedings of 12th IEEE Internation Symposium on High Performance Distributed Computing, pp. 48–57 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cánovas, Ó., López, G., Gómez-Skarmeta, A.F. (2004). A Credential Conversion Service for SAML-based Scenarios. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_24
Download citation
DOI: https://doi.org/10.1007/978-3-540-25980-0_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22216-3
Online ISBN: 978-3-540-25980-0
eBook Packages: Springer Book Archive