Security/identity · 2007-02-26

SAML parfait

There are lots of ways to convey the concepts and features of SAML. After writing about it and giving presentations on it for a long time, and having cogitated on JeffH’s very useful How to Study and Learn SAML, I thought I might try a new way of illustrating SAML’s features and modularity that can serve as a fairly complete quick reference. Everybody likes parfait, right? Let’s see how well it works as an educational tool.

This “default” diagram shows the SAML framework that you get out of the box and — I hope — the potential for profiles to use whatever lower-level bits make sense.

[Figure: SAML framework parfait]

You could annotate the default diagram for various purposes, such as discussing a proposed profile or extension. This “profiled” diagram shows how the web browser single sign-on profile points specifically to various protocols, assertion statements, and bindings to turn a particular set of use cases into something interoperable.

[Figure: SAML framework parfait with web SSO highlighted]

(I want to add subject confirmation methods somewhere, but can’t figure out a good way to do it. Maybe they’re just too much detail for this.)

I’d love to get feedback from the newbie, in-the-know, teacher, and comparative perspectives. So, any comments? Suggestions? Anecdotes?