SAML Architecture: Difference between revisions
Line 23: | Line 23: | ||
A system entity (for example, [[SAML Concepts#Identity_Provider|Identity Provider]]) that plays the role of maintaining the state related to the session. Also see [[SAML Single Logout Profile|single logout profile]]. | A system entity (for example, [[SAML Concepts#Identity_Provider|Identity Provider]]) that plays the role of maintaining the state related to the session. Also see [[SAML Single Logout Profile|single logout profile]]. | ||
== | ==Attribute Authority== | ||
A system entity that produces attribute assertions. | A system entity that produces attribute assertions. |
Revision as of 06:38, 21 February 2017
Internal
Domain Model
SAML is specified by the following domain model:
A system entity (client) wants to access a system resource. The system entity presents user credentials to the Credential Collector, which will authenticate with the associated Authentication Authority, producing the authentication assertion, then with the Attribute Authority producing an attribute assertion and the Policy Decision Point, producing the authorization decision assertion
Credential Collector
A system object that collects user credentials to authenticate with the associated Authentication Authority, Attribute Authority, and Policy Decision Point.
Authentication Authority
A system entity that produces authentication assertions.
Session Authority
A system entity (for example, Identity Provider) that plays the role of maintaining the state related to the session. Also see single logout profile.
Attribute Authority
A system entity that produces attribute assertions.
Attribute Repository
A repository where attribute assertions are stored.
Policy Repository
A repository where policies are stored. Also known as "Policy".
Policy Decision Point
A system entity that makes authorization decisions for itself or for other system entities that request authorization.
Policy Enforcement Point
A system entity that enforces the security policy of granting or revoking the access of resources to the service requester.
Policy Administration Point
A system entity where policies (for example, access control rules about a resource) are defined and maintained.