Sometimes it's better to be STUCK! - SAML Transportation Unit for Cryptographic Keys

Christopher Meyer, Florian Feldmann, Jörg Schwenk

15th Annual International Conference on Information Security and Cryptology, ICISC 2012


Abstract

Over the last decade the Security Assertion Markup Language (SAML) framework evolved to a versatile standard for exchanging security statements about subjects. Most notably, SAML facilitates the {em authentication} of users, and is thus deployed in both Webservice (SOAP, WS-Security) and REST-based (SAML SSO webbrowser profile, SAML Bearer token in OAuth) services.

This paper recommends an extension to the SAML framework which provides an easy way to transport cryptographic key material bound to assertions issued by particular subjects. The proposal fits into existing solutions and is fully compliant with the Security Assertion Markup Language, XML Digital Signature and XML Encryption standards.

[Slides] [Paper]

tags: Key Distribution, Key Transportation, SAML, SAML Extension, xml