Document:
SAML V2.0 Profile for Token Correlation

Draft (A preliminary unapproved sketch, outline, or version.)

Details

Submitted By Dr. Federico Rossini on 2010-06-21 5:35 pm UTC

Publication Type

None at this time.

Group / Folder

OASIS Security Services (SAML) TC / A.5: Post-V2.0 Working Documents

Modified by

Not modified.

Copy

This document is not a copy.

Technical Contact

None at this time.

Download Count

958

Download Agreement

None at this time.

Description

In some advanced SAML use cases, in enterprise context, the execution of a business process might
involve two or more logical transactions that span across one or more intermediaries.
Suppose that an intermediary is involved in almost every process and it needs to call the same services
for different processes, if the authorization to call the services is granted to the intermediary without
correlating this authorization to the process in execution, that would mean to authorize the intermediary
to call every services, as a consequence there wouldn't be real security policy criteria and there would be
reduced logging information.
This profile supply a normative extension to the [SAML2Core] in accord to the philosophy that every
actor owns only the authorizations strictly necessary to do what it needs to do.