Channel: Cupfighter.net » Events and Conferences

#RSAC: SAML meets OAuth in the Cloud: A Marriage Made in Heaven

Stairs to Heaven a CC NC SA image by Werner Kunz

By Riaz Zolfonoon of RSA

The session tries to answer the following questions:

  • Is OAuth relevant to enterprises?
  • Will OAuth replace SAML?
  • What are the integration use cases?
  • How do these protocols help me with BYOID?

What is SAML?

Security Assertion Markup Language. It enables single sign-on across domains using an open standard. It is an alternative to proprietary SSO and cross-domain SSO solutions.

SAML is based on assertions, e.g. this user is authenticated as…

In SAML you have the following actors:

  • IdP – Identity Provider
  • SP – Service provider
  • Assertion Bearer

For example, it can be used to authenticate a corporation's users to a cloud storage provider using the corporate Active Directory.

What is OAuth?

Open Authorisation allows users to share their private resources on one site (RS) with other sites (Client) without having to hand out their credentials (e.g. allow Facebook to publish your tweets on your Facebook page, without allowing them to access your full account).

In OAuth you have the following actors:

  • RO – Resource Owner, the end user
  • RS – Resource Server, the server using the credentials
  • AS – Authorisation Server, a third-party server

So how can we use OAuth and SAML together?

Emerging cloud-based services support OAuth to secure APIs and provide access to resources. OAuth does not prescribe the authentication details, so SAML provides enterprises with an ideal way to provide OAuth credentials.

Third-party ID providers (BYOI) are becoming more popular. Enterprises are considering switching to BYOI as well. Third-party providers and social and professional networks have typically enabled OAuth, but not SAML.

So how can SAML be integrated in OAuth authorization services? SAML can be used as a basis for issuing an OAuth token. Additionally, an OAuth token can be used to authenticate to a SAML ID provider.
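The first direction, a SAML assertion exchanged for an OAuth token, was later standardised as the SAML 2.0 bearer grant (RFC 7522). The sketch below is an added example, not material from the session: it shows the checks an authorisation server makes before issuing a token. The host names, the sample assertion and the `subject` response field are constructed for illustration, and XML signature verification is assumed to be done by a dedicated library.

```python
import base64
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="2030-01-01T00:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://as.example.net/token</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def encode_assertion(xml_text):
    """Client side: base64url-encode the assertion for the 'assertion' parameter."""
    return base64.urlsafe_b64encode(xml_text.encode()).decode()

def issue_token(form, trusted_issuer, audience, now):
    """AS side: return a token response, or an OAuth error dict (fails closed)."""
    if form.get("grant_type") != GRANT:
        return {"error": "unsupported_grant_type"}
    try:
        root = ET.fromstring(base64.urlsafe_b64decode(form["assertion"]))
        # ASSUMPTION: the XML signature has already been verified against the
        # IdP certificate by an XML-DSig library; that step is not shown here.
        issuer = root.findtext("saml:Issuer", namespaces=NS)
        audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
        subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
        expiry = root.find("saml:Conditions", NS).get("NotOnOrAfter")
        not_after = datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except Exception:  # missing parameter, bad base64, bad XML, no expiry
        return {"error": "invalid_grant"}
    if issuer != trusted_issuer or audience not in audiences or not subject:
        return {"error": "invalid_grant"}
    if now >= not_after:  # an expired assertion must not yield a token
        return {"error": "invalid_grant"}
    # 'subject' is an illustrative extra field, not part of the OAuth response.
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "expires_in": 3600, "subject": subject}
```

The audience check is what stops an assertion issued for one service from being replayed at another authorisation server that trusts the same IdP.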

 

