SAML Architecture

From NovaOrdis Knowledge Base
Revision as of 06:34, 21 February 2017 by Ovidiu (talk | contribs) (→‎Domain Model)
Jump to navigation Jump to search

Internal

Domain Model

SAML is specified by the following domain model:

SAML Domain Model.png

A system entity (client) wants to access a system resource. The system entity presents user credentials to the Credential Collector, which will authenticate with the associated Authentication Authority, producing the authentication assertion

Credential Collector

A system object that collects user credentials to authenticate with the associated Authentication Authority, Attribute Authority, and Policy Decision Point.

Authentication Authority

A system entity that produces authentication assertions.

Session Authority

A system entity (for example, Identity Provider) that plays the role of maintaining the state related to the session. Also see single logout profile.

Atribute Authority

A system entity that produces attribute assertions.

Attribute Repository

A repository where attribute assertions are stored.

Policy Repository

A repository where policies are stored. Also known as "Policy".

Policy Decision Point

A system entity that makes authorization decisions for itself or for other system entities that request authorization.

Policy Enforcement Point

A system entity that enforces the security policy of granting or revoking the access of resources to the service requester.

Policy Administration Point

A system entity where policies (for example, access control rules about a resource) are defined and maintained.

Retrieved from "https://kb.novaordis.com/index.php?title=SAML_Architecture&oldid=17287"