SAML Architecture

From NovaOrdis Knowledge Base
Revision as of 06:37, 21 February 2017 by Ovidiu (talk | contribs) (→‎Domain Model)
Jump to navigation Jump to search

Internal

Domain Model

SAML is specified by the following domain model:

SAML Domain Model.png

A system entity (client) wants to access a system resource. The system entity presents user credentials to the Credential Collector, which will authenticate with the associated Authentication Authority, producing the authentication assertion, then with the Attribute Authority producing an attribute assertion and the Policy Decision Point, producing the authorization decision assertion

Credential Collector

A system object that collects user credentials to authenticate with the associated Authentication Authority, Attribute Authority, and Policy Decision Point.

Authentication Authority

A system entity that produces authentication assertions.

Session Authority

A system entity (for example, Identity Provider) that plays the role of maintaining the state related to the session. Also see single logout profile.

Atribute Authority

A system entity that produces attribute assertions.

Attribute Repository

A repository where attribute assertions are stored.

Policy Repository

A repository where policies are stored. Also known as "Policy".

Policy Decision Point

A system entity that makes authorization decisions for itself or for other system entities that request authorization.

Policy Enforcement Point

A system entity that enforces the security policy of granting or revoking the access of resources to the service requester.

Policy Administration Point

A system entity where policies (for example, access control rules about a resource) are defined and maintained.