
SAML CCOW Work Item: Task 2

This presentation discusses the integration of CCOW (Clinical Context Object Workgroup) with SAML (Security Assertion Markup Language) tokens for seamless user authentication and authorization. It covers use cases, SAML assertions, and the design for getting into context. Presented by David Staggs, JD CISSP at the HL7 Working Group Meeting in Phoenix.



Presentation Transcript


  1. SAML CCOW Work Item: Task 2
  Presented by: David Staggs, JD CISSP, VHA Office of Information Standards
  HL7 Working Group Meeting, Phoenix, May 6-7 2008

  2. Introduction: Project Scope
  • Integration of CCOW with Security Assertion Markup Language (SAML) tokens. SAML allows the exchange of authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions).

  3. Task 2 Description and Use Case
  • Establishing the user into context using a SAML assertion.
  • Use case:
    • A security SOA where user authentication and authorizations are determined at the network level.
    • Authentication services provide universal SSO for all applications.
    • The CCOW Context Manager (CM) is viewed as authentication middleware for CCOW-enabled applications and COTS products that are not SOA aware.

  4. Types of SAML Assertions
  • Authentication: the specified subject was authenticated by a particular means at a particular time.
  • Attribute: the specified subject is associated with the supplied attributes.
  • Authorization Decision: a request to allow the specified subject to access the specified resource has been granted or denied.

  5. Notional Design: Getting into Context
  • Authentication: the source of the assertion.
    • The Authentication Service authenticates the user directly.
    • The SAML Authority passes identity/attribute assertions to the Context Manager.
  • CM: the assertion is parsed for user ID information.
    • The user ID is mapped to logon names from the User Mapping Agent.
  • CM: the user is passed to applications as normal.
  • ISSUE: How is assertion time-to-live / re-assertion managed?

  6. [Diagram] SAML IdP → (1) Provide SAML Assertion → Context Manager → (2) Provide username → CCOW APPs (Patient Context)

  7. Bearer Type Authentication Assertion
  • The subject of the assertion is the bearer of the assertion, subject to optional constraints on confirmation using the attributes that may be present in the <SubjectConfirmationData> element.
  • Example: The bearer of the assertion can confirm itself as the subject, provided the assertion is delivered in a message sent to "https://www.provider.com/SAML/consumer" before 1:37 PM GMT on May 9th, 2008, in response to a request with ID "_1234567890".
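As an added illustration (not part of the presentation), the consumer-side check the bearer example implies: the SAML 2.0 `<SubjectConfirmationData>` fragment below is constructed from the slide's values (Recipient, NotOnOrAfter, InResponseTo), and the function decides whether a given delivery satisfies every constraint before the bearer is accepted as the subject. It also checks `NotBefore`, which the slide does not mention; the NameID value is a placeholder.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed <Subject> fragment encoding the slide's example: the bearer is the subject
# only if the message reaches the named consumer before 13:37 GMT on 9 May 2008 and
# answers request "_1234567890". The NameID value is a placeholder.
SUBJECT_XML = f"""
<saml:Subject xmlns:saml="{SAML_NS}">
  <saml:NameID>user-placeholder</saml:NameID>
  <saml:SubjectConfirmation Method="{BEARER}">
    <saml:SubjectConfirmationData
        Recipient="https://www.provider.com/SAML/consumer"
        NotOnOrAfter="2008-05-09T13:37:00Z"
        InResponseTo="_1234567890"/>
  </saml:SubjectConfirmation>
</saml:Subject>
"""

def _utc(value):
    # SAML dateTime values end in "Z"; fromisoformat needs an explicit +00:00 offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def bearer_confirmed(subject_xml, delivered_to, delivered_at, request_id):
    """Return (accepted, reason): delivered_to is the URL the consumer received the message
    on, delivered_at the ISO-8601 UTC time of receipt, request_id the ID of the request
    being answered. Any bearer confirmation whose constraints all hold confirms the subject."""
    reasons = []
    for conf in ET.fromstring(subject_xml).findall(f"{{{SAML_NS}}}SubjectConfirmation"):
        if conf.get("Method") != BEARER:
            continue
        data = conf.find(f"{{{SAML_NS}}}SubjectConfirmationData")
        if data is None:  # strict policy: nothing binds the assertion to this delivery
            reasons.append("no SubjectConfirmationData")
            continue
        now = _utc(delivered_at)
        checks = [
            (data.get("Recipient") in (None, delivered_to), "Recipient mismatch"),
            (data.get("NotBefore") is None or now >= _utc(data.get("NotBefore")), "not yet valid"),
            (data.get("NotOnOrAfter") is None or now < _utc(data.get("NotOnOrAfter")), "expired"),
            (data.get("InResponseTo") in (None, request_id), "InResponseTo mismatch"),
        ]
        failed = [why for ok, why in checks if not ok]
        if not failed:
            return True, "bearer confirmed"
        reasons.extend(failed)
    return False, "; ".join(reasons) or "no bearer SubjectConfirmation"
```

A delivery at 13:00 GMT to the named consumer answering "_1234567890" is accepted; one at exactly 13:37 GMT, to another URL, or answering a different request ID is rejected with the failed constraint named.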
