Web Service Security: SAML and XACML Report (Assessment)

SAML, or Security Assertion Markup Language, is a mechanism that allows for user authentication using an external authentication system (Hirao and Wun-Young 70). Once a user has been authenticated, a SAML assertion is passed to the user. This assertion is a statement from a SAML authority that provides authentication by virtue of the attributes it supplies about the user. Because SAML provides this data in message format, SSL must be used.

Though commercial toolkits that use SAML have been slow to appear, a number are currently available. For example, VeriSign’s Trust Services Integration Toolkit (TSIK) was reported as one of the more complete toolkits for use with SAML (O’Neill 114). The toolkit is unique in that it provides a platform for creating trusted services and client-server applications, especially those that use web services. It gives access to the components required to support payment processing, XML digital signatures, messages and encryption. In addition, it supports SAML for asserting authentication and authorization between security domains (O’Neill 114).

XACML, or eXtensible Access Control Markup Language, is among the numerous approaches to providing an interoperable solution to authentication in a highly distributed environment. One reason for the development of this language can be traced to the need for a standard, generic and powerful access control and specification language (Vimercati 46). Several proprietary languages provide partial solutions to the security issues facing the enterprise. XACML, however, makes a bold attempt at bridging this gap by providing a common language for expressing security policy across an enterprise (Vimercati 47). It is an OASIS (Organization for the Advancement of Structured Information Standards) standard that aims to fulfill the conditions for a general-purpose access control language and for access control via a request/response protocol. The access control policy language provides an XML syntax for defining the types of request and the rules for users and resources (Lemos 58).
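The request/response model described above, as an added example that is not part of the original essay or of any XACML toolkit: a decision point evaluates a request against an XML policy and an enforcement point acts on the answer. The policy uses a simplified XACML-style syntax whose element and attribute names, sample policy and requests are all constructed for illustration, and the deny-overrides combining step goes beyond what the text describes.

```python
import xml.etree.ElementTree as ET

# Constructed policy in a simplified XACML-style syntax (assumed names, not the OASIS schema).
POLICY_XML = """
<Policy PolicyId="payroll-records">
  <Rule RuleId="hr-read" Effect="Permit">
    <Match Category="subject" AttributeId="role" Value="hr"/>
    <Match Category="resource" AttributeId="type" Value="payroll"/>
    <Match Category="action" AttributeId="id" Value="read"/>
  </Rule>
  <Rule RuleId="block-contractors" Effect="Deny">
    <Match Category="subject" AttributeId="employment" Value="contractor"/>
    <Match Category="resource" AttributeId="type" Value="payroll"/>
  </Rule>
</Policy>
"""

# Constructed requests: attributes grouped by category, as an enforcement point would send them.
HR_STAFF = {"subject": {"role": "hr", "employment": "staff"},
            "resource": {"type": "payroll"}, "action": {"id": "read"}}
HR_CONTRACTOR = {"subject": {"role": "hr", "employment": "contractor"},
                 "resource": {"type": "payroll"}, "action": {"id": "read"}}
ENGINEER = {"subject": {"role": "engineering", "employment": "staff"},
            "resource": {"type": "payroll"}, "action": {"id": "read"}}

def rule_applies(rule, request):
    """A rule applies only when every <Match> equals the request's attribute."""
    for match in rule.findall("Match"):
        attrs = request.get(match.get("Category"), {})
        if attrs.get(match.get("AttributeId")) != match.get("Value"):
            return False
    return True

def evaluate(policy_xml, request):
    """Decision point: combine applicable rules with deny-overrides."""
    policy = ET.fromstring(policy_xml.strip())
    effects = {r.get("Effect") for r in policy.findall("Rule") if rule_applies(r, request)}
    if "Deny" in effects:      # one applicable Deny beats any Permit
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"     # no rule matched the request

def enforce(decision):
    """Enforcement point: fail closed on anything but an explicit Permit."""
    return decision == "Permit"
```

Calling `evaluate(POLICY_XML, HR_CONTRACTOR)` shows the Deny rule overriding the Permit that the same subject's HR role would otherwise earn.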

Sun Microsystems has also developed a set of APIs commonly known as the Java Authentication and Authorization Service (JAAS). The JAAS APIs are crucial for authenticating users and enforcing access controls in Java applications and services. In a distributed environment it is important to have ESB software such as JAAS to ensure the authenticity of users running and executing code on the system (Vimercati 49). JAAS can be extended in a variety of ways to achieve various authentication and authorization objectives. Fortunately, JAAS can be modified to use an XACML implementation, which is both declarative and generic, so that its declarations are made in a declarative manner instead of by the conventional programmatic method. This is among the means available for using XACML with other software to enhance platform independence.

Works Cited

Hirao, Joey and Leslie Wun-Young. SAP Security Configuration and Deployment. Burlington, MA: Syngress Publishing Inc, 2009. Print.

Lemos, Rogerio. Architecting Dependable Systems VI. Berlin: Springer, 2009. Print.

O’Neill, Mark. Web Services Security. Berkeley: McGraw-Hill / Osborne, 2003. Print.

Vimercati, Sabrina de Capitani di. Computer Security – ESORICS 2005. Berlin: Springer, Print.
