Tuesday, December 11, 2007

SAML2 and WS-Federation1.1B


For the SePTIS workshop (supported by the ISTASE, a school of engineering specialized in telecoms and networking) of the SITIS IEEE Conference, I have attempted to make a technical comparison of SAML2 and WS-Federation1.1B. This table has been published in my paper included in the proceedings. But it is not really a final version. It needs more work on trust, privacy (pseudonyms and nameId management) and on active clients.

Next, I have done some work to provide a way to make them interoperate, mainly for the passive requestor profile. (Here again, it needs more work on active clients: enhanced web browser and standalone application issues...)
The principle of the interoperability study is as follows: "Allow a service provider to consume and to trust the security information issued by an authority of a different specification."
The way I proposed is based on a third party in charge of the interoperability process and trusted by both the assertion/token producer and consumer. The main work concerns the mapping of the WS-Federation PRP and SAML2 profiles, and the conversion of WS-Trust and SAML requests and responses.
As soon as I have more precise results, I will publish them to get "echoes" from the identity community...
