SAML Architecture: Difference between revisions
| Line 6: | Line 6: | ||
SAML is specified by the following domain model: | SAML is specified by the following domain model: | ||
[[File:SAML_Domain_Model.png]] | |||
==Credential Collector== | ==Credential Collector== | ||
Revision as of 06:21, 21 February 2017
Internal
Domain Model
SAML is specified by the following domain model:
Credential Collector
A system object that collects user credentials to authenticate with the associated Authentication Authority, Attribute Authority, and Policy Decision Point.
Authentication Authority
A system entity that produces authentication assertions.
Session Authority
A system entity (for example, Identity Provider) that plays the role of maintaining the state related to the session. Also see single logout profile.
Atribute Authority
A system entity that produces attribute assertions.
Attribute Repository
A repository where attribute assertions are stored.
Policy Repository
A repository where policies are stored. Also known as "Policy".
Policy Decision Point
A system entity that makes authorization decisions for itself or for other system entities that request authorization.
Policy Enforcement Point
A system entity that enforces the security policy of granting or revoking the access of resources to the service requester.
Policy Administration Point
A system entity where policies (for example, access control rules about a resource) are defined and maintained.