Web Services provide a standard means of interoperating between different software
applications running on a variety of platforms. The simplest web service
consists of a SOAP message for communication and a WSDL document for web service
description. Web services use XML extensively, which is a very well understood
technology. A WSDL document defines services as a collection of network endpoints.
One of the main problems in distributed Web Services is security standards. Because
the platforms differ, the same security information is interpreted with a different
meaning in each security context. For instance, if a J2EE application tries
to exchange security information with a COM+ application, the data sent by the J2EE
application will not be recognizable to COM+.
The other problem in distributed Web Services applications is the
capability for single sign-on. Security Assertion Markup Language (SAML) is a
standard proposed by OASIS to solve problems like security information exchange
and how single sign-on capabilities can be provided within distributed web services.
SAML is a set of specifications used for transferring information like user
authentication, entitlement, and attributes to an identity provider (IP), which can
authenticate the user and allow access to resources on a service provider. In SAML a third party, the identity provider, asserts the authentication information provided by the consumer and returns a SAML assertion, which can be passed with any incoming request to
the target or resource provider; the resource provider identifies the assertion and allows
access to the corresponding activity.
After obtaining the assertion from the identity provider, the consumer can pass it with any
request. The same assertion can be used universally and by any part of the
application, which is a step forward for interoperability in the security context.
Security services which implement SAML are able to interpret security
information transferred from one service to another, which makes SAML one of the
most accepted solutions for Web Services security. The assertion generated by the identity provider
can be used by the consumer as long as it is trusted by the target or service provider.
The service provider can then accept the principal and allow authentication.
SAML provides three types of assertions:
Authentication assertion
Attribute assertion
Authorization decision assertion
The authentication information is received by the identity provider, which processes this
information and produces an authentication assertion along with the authorization
decision and attribute assertions.
An Authentication Assertion is composed of the identity of the issuer and the
principal, the period for which the assertion will be valid, and some creation-time
information. It also carries some information about the provider system, the
validation time, and so on.
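The fields just listed (issuer, principal, validity period, issue time, and the authentication statement) are exactly what a service provider has to check before it trusts an assertion, as the earlier paragraph on trust by the target or service provider requires. The following added example, which is not part of the original text and uses only the Python standard library, builds a constructed SAML 2.0 assertion (the SAML 2.0 namespace, the entity names idp.example.org and sp.example.org, and the function name validate_assertion are assumptions for illustration) and applies the service-provider-side checks: trusted issuer, present subject, validity window, audience restriction, and presence of an authentication statement. XML signature verification is outside what the standard library offers and is noted in the code as a step a real service provider must add.

```python
# Added example (not from the original article): service-provider-side checks
# on a SAML assertion using only the standard library.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace (assumption: the text does not fix a version).
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample assertion carrying the fields the text lists: issuer,
# principal (Subject), validity period (Conditions), creation time
# (IssueInstant) and an authentication statement. Entity names are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:30Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def parse_time(value):
    """Parse the UTC 'Z' timestamps SAML uses into timezone-aware datetimes."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuers, audience, now):
    """Return (ok, reason); ok is True only when every check passes.

    Signature verification is deliberately out of scope: a real service
    provider must verify the XML signature over the assertion before
    relying on any of the fields checked here.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS:
        return False, "not a SAML assertion"

    # Trust decision: only assertions from a configured identity provider count.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        return False, "untrusted issuer: %r" % (issuer,)

    # The principal the identity provider authenticated.
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        return False, "missing subject"

    # Validity period: reject assertions used too early or too late.
    conditions = root.find("saml:Conditions", NS)
    if conditions is None or conditions.get("NotBefore") is None \
            or conditions.get("NotOnOrAfter") is None:
        return False, "missing validity conditions"
    if now < parse_time(conditions.get("NotBefore")):
        return False, "assertion not yet valid"
    if now >= parse_time(conditions.get("NotOnOrAfter")):
        return False, "assertion expired"

    # Audience restriction: an assertion minted for another provider is refused.
    audiences = [a.text for a in
                 conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return False, "assertion not intended for this service provider"

    # The authentication statement is what the service provider is relying on.
    if root.find("saml:AuthnStatement", NS) is None:
        return False, "no authentication statement"

    return True, "accepted principal %r from %r" % (name_id, issuer)


if __name__ == "__main__":
    now = parse_time("2024-01-01T12:01:00Z")
    print(validate_assertion(SAMPLE_ASSERTION, {"https://idp.example.org"},
                             "https://sp.example.org", now))
```

The time of evaluation is passed in explicitly rather than read from the clock so that the expiry and not-yet-valid branches can be exercised deterministically; in production the service provider would pass the current UTC time and normally allow a small clock-skew tolerance around NotBefore and NotOnOrAfter.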
The following is the Authentication Statement schema: