If you want to learn more about SAML, see the excellent official documentation provided by OASIS. You can find it at www.oasis-open.org.
Did we find the ultimate way of handling identity on the Internet? Unfortunately, we're not there yet. SAML is certainly a better Internet citizen than Kerberos ever was. However, it still contains a number of characteristics that prevented its wide adoption at the end-user level.
The AP looks much more agile than the KDC, but it also performs fewer functions. The AP can state assertions about Alice that can be understood outside its realm, but there's no direct management of the cryptography aspect. In the browser scenarios, SAML relies on transport security. That is, it assumes that every communication will be protected by HTTPS. We have seen how this does not necessarily guarantee that the user will be comfortable with it.
The SAML specification defines the format for assertions and a protocol for sending them around
The Babel of Web User Interfaces 79
Furthermore, SAML came out as something intended for addressing business-to-business transactions. This is reflected by the fact that many sequences imply direct communication between the AP and the RP.