ITU-T X 1141-2006 Security Assertion Markup Language (SAML 2 0) (Study Group 17)《安全声明标注语言 研究组17》.pdf

International Telecommunication Union
ITU-T X.1141
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (06/2006)
SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
Telecommunication security
Security Assertion Markup Language (SAML 2.0)
ITU-T Recommendation X.1141

ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

PUBLIC DATA NETWORKS
    Services and facilities                              X.1-X.19
    Interfaces                                           X.20-X.49
    Transmission, signalling and switching               X.50-X.89
    Network aspects                                      X.90-X.149
    Maintenance                                          X.150-X.179
    Administrative arrangements                          X.180-X.199
OPEN SYSTEMS INTERCONNECTION
    Model and notation                                   X.200-X.209
    Service definitions                                  X.210-X.219
    Connection-mode protocol specifications              X.220-X.229
    Connectionless-mode protocol specifications          X.230-X.239
    PICS proformas                                       X.240-X.259
    Protocol Identification                              X.260-X.269
    Security Protocols                                   X.270-X.279
    Layer Managed Objects                                X.280-X.289
    Conformance testing                                  X.290-X.299
INTERWORKING BETWEEN NETWORKS
    General                                              X.300-X.349
    Satellite data transmission systems                  X.350-X.369
    IP-based networks                                    X.370-X.379
MESSAGE HANDLING SYSTEMS                                 X.400-X.499
DIRECTORY                                                X.500-X.599
OSI NETWORKING AND SYSTEM ASPECTS
    Networking                                           X.600-X.629
    Efficiency                                           X.630-X.639
    Quality of service                                   X.640-X.649
    Naming, Addressing and Registration                  X.650-X.679
    Abstract Syntax Notation One (ASN.1)                 X.680-X.699
OSI MANAGEMENT
    Systems Management framework and architecture        X.700-X.709
    Management Communication Service and Protocol        X.710-X.719
    Structure of Management Information                  X.720-X.729
    Management functions and ODMA functions              X.730-X.799
SECURITY                                                 X.800-X.849
OSI APPLICATIONS
    Commitment, Concurrency and Recovery                 X.850-X.859
    Transaction processing                               X.860-X.879
    Remote operations                                    X.880-X.889
    Generic applications of ASN.1                        X.890-X.899
OPEN DISTRIBUTED PROCESSING                              X.900-X.999
TELECOMMUNICATION SECURITY                               X.1000-

For further details, please refer to the list of ITU-T Recommendations.

ITU-T Rec. X.1141 (06/2006) i

ITU-T Recommendation X.1141
Security Assertion Markup Language (SAML 2.0)

Summary

SAML is an XML-based framework for exchanging security information. This security information is expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. A single assertion might contain several different internal statements about authentication, authorization and attributes. This Recommendation defines a protocol by which clients can request assertions from SAML authorities and get a response from them. This protocol, consisting of XML-based request and response message formats, can be bound to many different underlying communications and transport protocols; SAML currently defines one binding to SOAP over HTTP. In creating their responses, SAML authorities can use various sources of information, such as external policy stores and assertions that were received as input in requests.

This Recommendation defines SAML assertion elements, subjects, conditions, processing rules and statements. Additionally, it develops a comprehensive SAML metadata profile that includes the associated namespace, common data types, processing rules and signature processing. Several protocol bindings, such as SOAP, PAOS (reverse SOAP), HTTP redirect and HTTP POST, among others, are also developed. This Recommendation provides a comprehensive list of SAML profiles, such as the web browser SSO profile and the single logout profile, to enable the wide adoption of SAML 2.0 in the industry. Guidelines for authentication context and conformance are also provided. This Recommendation is technically equivalent and compatible with the OASIS SAML 2.0 standard.

Source

ITU-T Recommendation X.1141 was approved on 13 June 2006 by ITU-T Study Group 17 (2005-2008) under the ITU-T Recommendation A.8 procedure.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE: In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words "shall" or some other obligatory language such as "must" and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2007
All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

CONTENTS                                                                   Page

1 Scope                                                                       1
2 References                                                                  1
3 Definitions                                                                 4
3.1 Imported definitions                                                      4
3.2 Additional definitions                                                    4
4 Abbreviations                                                               8
5 Conventions                                                                 9
6 Overview                                                                    9
7 Common data types                                                          10
7.1 String values                                                            10
7.2 URI values                                                               10
7.3 Time values                                                              11
7.4 ID and ID reference values                                               11
8 SAML assertions and protocols                                              11
8.1 SAML assertions                                                          11
8.2 SAML protocols                                                           31
8.3 SAML versioning                                                          57
8.4 SAML and XML signature syntax and processing                             59
8.5 SAML and XML encryption syntax and processing                            64
8.6 SAML extensibility                                                       64
8.7 SAML-defined identifiers                                                 66
9 SAML metadata                                                              70
9.1 Metadata                                                                 70
9.2 Signature processing                                                     89
9.3 Metadata publication and resolution                                      90
10 Bindings for SAML                                                         94
10.1 Guidelines for specifying additional protocol bindings                  94
10.2 Protocol bindings                                                       95
11 Profiles for SAML                                                        120
11.1 Profile concepts                                                       120
11.2 Specification of additional profiles                                   121
11.3 Confirmation method identifiers                                        122
11.4 SSO Profiles of SAML                                                   123
12 SAML authentication context                                              155
12.1 Authentication context concepts                                        155
12.2 Authentication context declaration                                     156
12.3 Authentication context classes                                         157
13 Conformance requirements for SAML                                        200
13.1 SAML profiles and possible implementations                             200
13.2 Conformance                                                            201
13.3 XML digital signature and XML encryption                               204
13.4 Use of TLS 1.0                                                         204
Annex A SAML schemas                                                        205
A.1 SAML Schema Assertion                                                   205
A.2 SAML Schema Authentication Context                                      209
A.3 SAML Schema Authentication Context AuthenticatedTelephony               210
A.4 SAML Schema Authentication Context IP                                   211
A.5 SAML Schema Authentication Context IPPWord                              212
A.6 SAML Schema Authentication Context Kerberos                             213
A.7 SAML Schema Authentication Context MobileOneFactor-reg                  214
A.8 SAML Schema Authentication Context MobileOneFactor-unreg                217
A.9 SAML Schema Authentication Context MobileTwoFactor-reg                  220
A.10 SAML Schema Authentication Context MobileTwoFactor-unreg               223
A.11 SAML Schema Authentication Context NomadTelephony                      226
A.12 SAML Schema Authentication Context PersonalizedTelephony               227
A.13 SAML Schema Authentication Context PGP                                 228
A.14 SAML Schema Authentication Context PPT                                 230
A.15 SAML Schema Authentication Context Password                            231
A.16 SAML Schema Authentication Context PreviousSession                     232
A.17 SAML Schema Authentication Context Smartcard                           233
A.18 SAML Schema Authentication Context SmartcardPKI                        234
A.19 SAML Schema Authentication Context SoftwarePKI                         236
A.20 SAML Schema Authentication Context SPKI                                238
A.21 SAML Schema Authentication Context SRP                                 239
A.22 SAML Schema Authentication Context Telephony                           240
A.23 SAML Schema Authentication Context TimeSync                            242
A.24 SAML Schema Authentication Context types                               243
A.25 SAML Schema Authentication Context X.509                               255
A.26 SAML Schema Authentication Context XMLDSig                             256
A.27 SAML Schema ECP                                                        258
A.28 SAML Schema metadata                                                   259
A.29 SAML Schema protocol                                                   264
A.30 SAML Schema X.500                                                      269
A.31 SAML Schema XACML                                                      269
Appendix I Security and privacy considerations                              270
I.1 Privacy                                                                 270
I.2 Confidentiality                                                         270
I.3 Pseudonymity and anonymity                                              270
I.4 Security                                                                271
I.5 Security techniques                                                     272
I.6 General SAML security considerations                                    274
I.7 SAML bindings security considerations                                   275
Appendix II Registration of MIME media type application/samlassertion+xml   281
Appendix III Registration of MIME media type application/samlmetadata+xml   282
Appendix IV Use of SSL                                                      283
Appendix V SAML Schema Authentication Context                               283
Appendix VI Authentication Context types XML Schema                         285
Appendix VII SAML DCE PAC attribute profile                                 297
VII.1 DCE PAC attribute profile                                             297
VII.2 SAML schema dce                                                       299
VII.3 Example                                                               300
Appendix VIII OASIS clarifications of SAML                                  301
VIII.1 Potential errata: PE14                                               301
VIII.2 Potential errata: PE26                                               302
BIBLIOGRAPHY                                                                304

ITU-T Recommendation X.1141
Security Assertion Markup Language (SAML 2.0)

1 Scope

This Recommendation defines the Security Assertion Markup Language (SAML 2.0). SAML defines the syntax and processing semantics of assertions made about a subject by a system entity. In the course of making, or relying upon, such assertions, SAML system entities may use other protocols to communicate either regarding an assertion itself, or the subject of an assertion. This Recommendation defines the structure of SAML assertions and an associated set of protocols, in addition to the processing rules involved in managing a SAML system.

SAML assertions and protocol messages are encoded in XML and use XML namespaces. They are typically embedded in other structures for transport, such as HTTP POST requests or XML-encoded SOAP messages. This Recommendation also specifies SAML bindings that provide frameworks for the embedding and transport of SAML protocol messages. Furthermore, this Recommendation provides a baseline set of profiles for the use of SAML assertions and protocols to accomplish specific use cases or achieve interoperability when using SAML features.

This Recommendation defines the following:
1) Conformance requirements for SAML;
2) Assertions and protocols for SAML: SAML assertions schema; SAML protocols schema;
3) Bindings for SAML;
4) Profiles for SAML: SAML ECP profile schema; SAML X.500/LDAP attribute profile schema; SAML DCE PAC attribute profile schema; SAML XACML attribute profile schema;
5) Metadata for SAML;
6) SAML metadata schema;
7) Authentication context for SAML.

2 References

The following Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision, and parties to agreements based on this Recommendation are encouraged to investigate the possibility of applying the most recent editions of the Recommendations and other references listed below. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. The IETF maintains a list of RFCs, together with those that have been obsoleted by later RFCs. W3C, the Unicode Consortium and Liberty Alliance maintain a list of latest Recommendations and other publications.

ITU-T Recommendation X.660 (2004) | ISO/IEC 9834-1:2005, Information technology - Open Systems Interconnection - Procedures for the operation of OSI Registration Authorities: General procedures and top arcs of the ASN.1 Object Identifier tree.
ITU-T Recommendation X.667 (2004) | ISO/IEC 9834-8:2005, Information technology - Open Systems Interconnection - Procedures for the operation of OSI Registration Authorities: Generation and Registration of Universally Unique Identifiers (UUIDs) and their use as ASN.1 Object Identifier components.
ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002, Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation.
ITU-T Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications.
ITU-T Recommendation X.811 (1995) | ISO/IEC 10181-2:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Authentication framework.
ITU-T Recommendation X.812 (1995) | ISO/IEC 10181-3:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Access control framework.
ITU-T Recommendation X.1142 (2006), eXtensible Access Control Markup Language (XACML 2.0).
IETF RFC 1034 (1987), Domain Names - Concepts and Facilities.
IETF RFC 1510 (1993), The Kerberos Network Authentication Service (V5).
IETF RFC 1750 (1994), Randomness Recommendations for Security.
IETF RFC 1951 (1996), DEFLATE Compressed Data Format Specification Version 1.3.
IETF RFC 1991 (1996), PGP Message Exchange Formats.
IETF RFC 2045 (1996), Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies.
IETF RFC 2119 (1997), Key words for use in RFCs to Indicate Requirement Levels.
IETF RFC 2246 (1999), The TLS Protocol Version 1.0.
IETF RFC 2253 (1997), Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names.
IETF RFC 2396 (1998), Uniform Resource Identifiers (URI): Generic Syntax.
IETF RFC 2535 (1999), Domain Name System Security Extensions.
IETF RFC 2616 (1999), Hypertext Transfer Protocol - HTTP/1.1.
IETF RFC 2617 (1999), HTTP Authentication: Basic and Digest Access Authentication.
IETF RFC 2798 (2000), Definition of the inetOrgPerson LDAP Object Class.
IETF RFC 2828 (2000), Internet Security Glossary.
IETF RFC 2914 (2000), Congestion Control P
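The Summary and Scope above describe an assertion as XML in the SAML 2.0 namespace carrying a subject, conditions, and statements about authentication and attributes, which a relying party must process before trusting it. The following added example, which is not part of the Recommendation or of any SAML product, parses a constructed assertion and evaluates its Conditions (validity window and audience restriction) the way a service provider would. The sample assertion, the Assertion dataclass, the function names and the clock-skew parameter are this example's own; only the namespace and the Password authentication context class identifier are SAML-defined. XML signature verification (clause 8.4) is deliberately left out, so a real relying party must verify the signature before applying these checks.

```python
"""Parse a SAML 2.0 assertion and evaluate its Conditions as a relying party would.

Added example, not part of ITU-T X.1141. The assertion below is constructed
for illustration; the dataclass and function names are this example's own.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# XML namespace that SAML 2.0 defines for assertions.
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample: one subject, a validity window, an audience restriction,
# an authentication statement and an attribute statement in a single assertion.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2006-06-13T10:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID>user-4711</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2006-06-13T10:00:00Z" NotOnOrAfter="2006-06-13T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.org</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2006-06-13T09:59:30Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>user@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


@dataclass
class Assertion:
    issuer: str
    subject: str
    not_before: Optional[datetime]
    not_on_or_after: Optional[datetime]
    audiences: list
    authn_context: Optional[str]
    attributes: dict


def parse_time(value: Optional[str]) -> Optional[datetime]:
    """SAML time values are xs:dateTime in UTC (clause 7.3 of the Recommendation covers them)."""
    if value is None:
        return None
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported SAML time value: {value!r}")


def parse_assertion(xml_text: str) -> Assertion:
    """Extract the parts of an assertion a relying party needs before deciding to trust it."""
    root = ET.fromstring(xml_text)  # for untrusted input use a hardened XML parser
    if root.tag != f"{{{SAML_NS}}}Assertion" or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 Assertion")
    cond = root.find("saml:Conditions", NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return Assertion(
        issuer=root.findtext("saml:Issuer", default="", namespaces=NS),
        subject=root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS),
        not_before=parse_time(cond.get("NotBefore") if cond is not None else None),
        not_on_or_after=parse_time(cond.get("NotOnOrAfter") if cond is not None else None),
        audiences=[a.text for a in root.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)],
        authn_context=root.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS),
        attributes=attrs,
    )


def check_conditions(a: Assertion, audience: str, now: datetime, skew: timedelta = timedelta(0)) -> list:
    """Return the failed conditions; an empty list means the assertion may be relied on.

    NotBefore is inclusive and NotOnOrAfter is exclusive. The skew parameter
    (this example's own) tolerates small clock differences between IdP and SP.
    """
    problems = []
    if a.not_before is not None and now + skew < a.not_before:
        problems.append("not yet valid")
    if a.not_on_or_after is not None and now - skew >= a.not_on_or_after:
        problems.append("expired")
    if a.audiences and audience not in a.audiences:
        problems.append("audience mismatch")
    return problems


def evaluate(xml_text: str, audience: str, now_iso: str, skew_seconds: int = 0) -> list:
    """Convenience wrapper: parse, then check conditions at the given UTC instant."""
    return check_conditions(parse_assertion(xml_text), audience, parse_time(now_iso), timedelta(seconds=skew_seconds))


if __name__ == "__main__":
    parsed = parse_assertion(SAMPLE_ASSERTION)
    print(parsed.subject, parsed.authn_context, parsed.attributes)
    print("failures:", evaluate(SAMPLE_ASSERTION, "https://sp.example.org", "2006-06-13T10:02:00Z"))
```

Running the module prints the subject, the authentication context class and the attribute map, then an empty failure list for a check made inside the validity window; moving the clock to the NotOnOrAfter instant reports "expired", because that bound is exclusive, and presenting the assertion to a different audience reports "audience mismatch".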
