SAML Spec Structure
  • Domain model, glossary, requirements, use cases

  • "Assertions" syntax and semantics
    • Authentication
    • Attribute
    • Authorization Decision
    • Session (?)

  • Messages and protocols
    • assertion request-response
    • session management
    • store-and-forward messaging

  • Bindings
    • to HTTPS, SOAP/XP, BEEP, S/MIME, ebXML, etc

  • Security and Privacy Considerations

  • Conformance

Internet2 Shibboleth, OASIS Security Services
50th IETF, March 2001
RL "Bob" Morgan, rlmorgan@ washington.edu