Sometimes It’s Better to Be STUCK! SAML Transportation Unit for Cryptographic Keys

  • Conference paper
Information Security and Cryptology – ICISC 2012 (ICISC 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7839)

Abstract

Over the last decade, the Security Assertion Markup Language (SAML) framework has evolved into a versatile standard for exchanging security statements about subjects. Most notably, SAML facilitates the authentication of users and is thus deployed in both web service (SOAP, WS-Security) and REST-based (SAML SSO web browser profile, SAML Bearer token in OAuth) services.

This paper recommends an extension to the SAML framework which provides an easy way to transport cryptographic key material bound to assertions issued by particular subjects. The proposal fits into existing solutions and is fully compliant with the Security Assertion Markup Language, XML Digital Signature and XML Encryption standards.

This work was partially funded by the Sec² project of the German Federal Ministry of Education and Research (BMBF, FKZ: 01BY1030).

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Meyer, C., Feldmann, F., Schwenk, J. (2013). Sometimes It’s Better to Be STUCK! SAML Transportation Unit for Cryptographic Keys. In: Kwon, T., Lee, MK., Kwon, D. (eds) Information Security and Cryptology – ICISC 2012. ICISC 2012. Lecture Notes in Computer Science, vol 7839. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37682-5_9

  • DOI: https://doi.org/10.1007/978-3-642-37682-5_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37681-8

  • Online ISBN: 978-3-642-37682-5

  • eBook Packages: Computer Science, Computer Science (R0)
