SAML Architecture

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Domain Model

SAML is specified by the following domain model:

Credential Collector

A system object that collects user credentials to authenticate with the associated Authentication Authority, Attribute Authority, and Policy Decision Point.

Authentication Authority

A system entity that produces authentication assertions.

Session Authority

A system entity (for example, Identity Provider) that plays the role of maintaining the state related to the session. Also see single logout profile.

Atribute Authority

A system entity that produces attribute assertions.

Attribute Repository

A repository where attribute assertions are stored.

Policy Repository

A repository where policies are stored. Also known as "Policy".

Policy Decision Point

A system entity that makes authorization decisions for itself or for other system entities that request authorization.

Policy Enforcement Point

A system entity that enforces the security policy of granting or revoking the access of resources to the service requester.

Policy Administration Point

A system entity where policies (for example, access control rules about a resource) are defined and maintained.