Showing posts from February, 2012

Implementing SAML to XACML

Before Implementing SAML This is how a XACML request will looks like when it is arriving at PDP(Policy Decision Point) to be evaluated.

Basically it states who is(Subject) wanting to access which resource and what action it wants to perform on the resource. PDP trusts that request made is not altered while being sent and received, evaluates the request against existing enabled policies and reply with the decision which will be as follows.

Again there is no guarantee for the party who is using this response that this decision is not altered since sent from PDP until been received.

In order achieve the security of XACML requests and responses in server to server communication SAML profile for XACML is defined by OASIS.This take the system security to a higher level by allowing the usage of fine-grained authorization provided by XACML, to be signed.
After Implementing SAML

Following is how the previous XACML request looks like after wrapped into a XACMLAuthzDecisionQueryType, which is …