J. Hodges
NeuStar
September 6, 2006
How to Study and Learn SAML
Abstract
This brief whitepaper provides a functional introduction to the SAMLv2 specifications, tailored to the perspectives of protocol designers and developers. First a conceptual introduction is presented, next suggestions on how to study and learn SAML are given, and then more detailed aspects are discussed.
1. Conceptual Introduction to SAML
SAML [OASIS.sstc‑saml‑exec‑overview‑2.0‑cd‑01] defines an XML-based framework for crafting "security assertions", and exchanging them between entities. In the course of creating, or relying upon such assertions, SAML system entities may use SAML protocols, or other protocols, to convey an assertion itself, or to communicate about the "subject" of an assertion.
Thus one can employ SAML to make statements such as:
"Alice has these profile attributes and her domain's certificate is available over there, and I'm making this statement, and here's who I am."
One can then cause such an assertion to be conveyed to some party, who can rely on it in some fashion for some purpose, for example as input to a local policy evaluation gating access to some resource.
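As an added illustration (not part of the whitepaper), the statement above rendered as a SAMLv2 assertion in the form SAML Core defines, together with the checks a relying party makes before using it as policy input. The issuer, subject, audience and attribute values are constructed sample data, and XML signature verification is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Constructed sample data (not from the whitepaper): the issuer names itself in
# <Issuer>, Alice is the <Subject>, and an <AttributeStatement> carries her
# profile attributes, including where her domain's certificate can be fetched.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" Version="2.0"
    ID="_example-1" IssueInstant="2006-09-06T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2006-09-06T11:55:00Z" NotOnOrAfter="2006-09-06T12:10:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.net</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="displayName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="domainCertificateURL"><saml:AttributeValue>https://example.org/cert.pem</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def parse_instant(s):
    """SAML timestamps are UTC xs:dateTime values; parse the plain 'Z' form."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_assertion(xml_text):
    """Return (issuer, subject NameID, {attribute name: [values]})."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for a in root.findall("saml:AttributeStatement/saml:Attribute", namespaces=NS):
        attrs[a.get("Name")] = [v.text for v in a.findall("saml:AttributeValue", namespaces=NS)]
    return issuer, subject, attrs

def relying_party_accepts(xml_text, my_entity_id, now, trusted_issuers):
    """Relying-party checks before the assertion feeds local policy: trusted issuer,
    Conditions validity window, and Audience naming this party (signature check omitted)."""
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) not in trusted_issuers:
        return False
    cond = root.find("saml:Conditions", namespaces=NS)
    if cond is None or not (parse_instant(cond.get("NotBefore")) <= now < parse_instant(cond.get("NotOnOrAfter"))):
        return False
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", namespaces=NS)]
    return my_entity_id in audiences
```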
Such applications of SAML are done in a particular "context of use". A particular context of use could be, for example, deciding whether to accept and act upon a SIP-based invitation to initiate a communication session.
The specification of just how SAML is employed in any given context of use is known as a "SAML profile". The specification of how SAML assertions and/or protocol messages are conveyed in, or over, another protocol is known as a "SAML binding". Typically, a SAML profile specifies the SAML bindings that may be used in its context. Both SAML profiles and SAML bindings in turn reference other SAML specifications, especially the SAML Assertions and Protocols, aka "SAML Core", specification [OASIS.saml‑core‑2.0‑os].
This relationship between SAML