SAML Architecture: Difference between revisions
Line 18: | Line 18: | ||
A system entity (for example, [[SAML Concepts#Identity_Provider|Identity Provider]]) that plays the role of maintaining the state related to the session. Also see [[SAML Single Logout Profile|single logout profile]]. | A system entity (for example, [[SAML Concepts#Identity_Provider|Identity Provider]]) that plays the role of maintaining the state related to the session. Also see [[SAML Single Logout Profile|single logout profile]]. | ||
==Atribute Authority== | |||
A system entity that produces attribute assertions. | |||
==Attribute Repository== | |||
A repository where attribute assertions are stored. | |||
==Policy Repository== | |||
A repository where policies are stored. Also known as "Policy". | |||
==Policy Decision Point== | |||
A system entity that makes authorization decisions for itself or for other system entities that request authorization. | |||
==Policy Enforcement Point== | |||
A system entity that enforces the security policy of granting or revoking the access of resources to the service requester. | |||
==Policy Administration Point== | |||
A system entity where policies (for example, access control rules about a resource) are defined and maintained. |
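Review bot: the first added heading, `==Atribute Authority==`, is misspelled and should read `==Attribute Authority==`, matching the `==Attribute Repository==` heading added directly below it. Because the heading text also becomes the section anchor, any `[[SAML Architecture#Attribute_Authority|...]]` link would miss this section until the spelling is fixed. Separately, the existing Session Authority entry links its terms with `[[...]]`, but none of the six new entries do. Consider linking terms such as "attribute assertions" where a target page exists.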
Revision as of 05:54, 21 February 2017
Internal
Domain Model
SAML is specified by the following domain model:
Credential Collector
A system object that collects user credentials to authenticate with the associated Authentication Authority, Attribute Authority, and Policy Decision Point.
Authentication Authority
A system entity that produces authentication assertions.
Session Authority
A system entity (for example, Identity Provider) that plays the role of maintaining the state related to the session. Also see single logout profile.
Attribute Authority
A system entity that produces attribute assertions.
Attribute Repository
A repository where attribute assertions are stored.
Policy Repository
A repository where policies are stored. Also known as "Policy".
Policy Decision Point
A system entity that makes authorization decisions for itself or for other system entities that request authorization.
Policy Enforcement Point
A system entity that enforces the security policy by granting or revoking the service requester's access to resources.
Policy Administration Point
A system entity where policies (for example, access control rules about a resource) are defined and maintained.