SAML Architecture: Difference between revisions
No edit summary |
|||
| Line 13: | Line 13: | ||
==Authentication Authority== | ==Authentication Authority== | ||
A system entity that produces authentication assertions. | A system entity that produces [[SAML Concepts#Authentication_Assertion|authentication assertions]]. | ||
==Session Authority== | ==Session Authority== | ||
Revision as of 05:59, 21 February 2017
Internal
Domain Model
SAML is specified by the following domain model:
Credential Collector
A system object that collects user credentials to authenticate with the associated Authentication Authority, Attribute Authority, and Policy Decision Point.
Authentication Authority
A system entity that produces authentication assertions.
Session Authority
A system entity (for example, Identity Provider) that plays the role of maintaining the state related to the session. Also see single logout profile.
Atribute Authority
A system entity that produces attribute assertions.
Attribute Repository
A repository where attribute assertions are stored.
Policy Repository
A repository where policies are stored. Also known as "Policy".
Policy Decision Point
A system entity that makes authorization decisions for itself or for other system entities that request authorization.
Policy Enforcement Point
A system entity that enforces the security policy of granting or revoking the access of resources to the service requester.
Policy Administration Point
A system entity where policies (for example, access control rules about a resource) are defined and maintained.