SAML, or Security Assertion Markup Language, is a mechanism that allows a user to be authenticated by an external authentication system (Hirao and Wun-Young 70). Once the user has been authenticated, a SAML assertion is passed to the user. This assertion is a statement from a SAML authority that provides authentication by virtue of having received certain attributes regarding the user. Because SAML carries this data in message form, SSL must be used to protect it in transit.
Though commercial toolkits that use SAML have been slow to appear, a number are now available. For example, VeriSign’s Trust Services Integration Toolkit (TSIK) was reported as one of the more complete toolkits for use with SAML (O’Neill 114). This kit is unique in that it provides a platform for building trusted services and client-server applications, especially those that use web services. Through this kit we gain access to the components required to support payment processing, XML digital signatures, messaging and encryption. In addition, it provides support for SAML to assert authentication and authorization between security domains (O’Neill 114).
XACML, or eXtensible Access Control Markup Language, is among the numerous approaches to providing an interoperable solution to authentication in a highly distributed environment. One reason for the development of this language can be traced to the need for a standard, generic and powerful access control and specification language (Vimercati 46). Several proprietary languages provide partial solutions to the security issues facing the enterprise. XACML, however, makes a bold attempt at bridging this gap by providing a common language for the expression of security policy across an enterprise (Vimercati 47). It is an OASIS (Organization for the Advancement of Structured Information Standards) standard which aims to fulfill the requirements of a general-purpose access control language and of access control via a request/response protocol. The access control policy language provides XML syntax for defining the type of request and the rules that apply to users and resources (Lemos 58).
Sun Microsystems has also developed a set of APIs commonly known as the Java Authentication and Authorization Service (JAAS). For user authentication and for enforcing access controls, the JAAS APIs are crucial for Java applications and services. In a distributed environment it is important to have ESB software such as JAAS to ensure the authenticity of users running and executing code on the system (Vimercati 49). JAAS can be extended in a variety of ways to achieve the various authentication and authorization objectives. Fortunately, JAAS can be modified to use an XACML implementation, which is both declarative and generic. The aim is to modify JAAS so that its configuration can be expressed declaratively instead of through the conventional programmatic method. This is among the means available for using XACML with other software to enhance platform independence.
Works Cited
Hirao, Joey and Leslie Wun-Young. SAP Security Configuration and Deployment. Burlington, MA: Syngress Publishing Inc, 2009. Print.
Lemos, Rogerio. Architecting Dependable Systems VI. Berlin: Springer, 2009. Print.
O’Neill, Mark. Web Services Security. Berkeley: McGraw-Hill / Osborne, 2003. Print.
Vimercati, Sabrina de Capitani di. Computer Security – ESORICS 2005. Berlin: Springer, Print.