24 Replies. Latest reply on Dec 5, 2008 2:37 PM by anil.saldhana
      • 15. Re: SAML Assertions  (JBossESB)
        jkurtz.wa

        Jeff

        That is a great idea. It might be a good idea to do a white paper on this. There is not much out there for guiding SOA Security, this could be a start. Please let me know if you need some help, Anil, Mark and you could send me an outline and I could fill it out and provide some nice drawings.

        There is a cyber security conference on November 20. I hope to attend and could provide some input to the panel discussions.

        Anyway, let me know if you think this is a good idea and we can get started. We can keep the implementation details vague if you want, but the concept is really good.

        John

        • 16. Re: SAML Assertions  (JBossESB)
          jkurtz.wa

          Can I upload a png file with the SAML Assertion class diagram to this forum somehow?

          Interest is great in any type of white paper we can generate. If you guys are too busy, I will start one if you do not mind. I really want to learn this technology and it's a great way to go!

          • 17. Re: SAML Assertions  (JBossESB)
            marklittle

            If you stick the img on the wiki you could link to it from here.

            • 18. Re: SAML Assertions  (JBossESB)
              jeff.yuchang

               

              "jkurtz.wa@gmail.com" wrote:


              That is a great idea. It might be a good idea to do a white paper on this. There is not much out there for guiding SOA Security, this could be a start.
              John


              When you say SOA security, Dan has composed a good section about the JBossESB security feature at: http://anonsvn.jboss.org/repos/labs/labs/jbossesb/branches/JBESB_4_4_GA_CP/product/docs/ServicesGuide.odt (Chapter 13).

              For the filter, we can see it at http://www.jboss.org/jbossesb/docs/4.4.GA/manuals/html/ProgrammersGuide.html.

              The security feature has NOT been included in the JBossESB 4.4 release. It will be in the ESB 4.5 release. So if we want to use a filter to implement the security feature, then I think it might be better to base it on the ESB 4.4 code base, but at the same time refer to the 4_4_GA_CP branch to see what needs to be done (including the requirement of encrypting the authentication request).


              • 19. Re: SAML Assertions  (JBossESB)
                jeff.yuchang

                 

                "jkurtz.wa@gmail.com" wrote:

                Interest is great in any type of white paper we can generate. If you guys are too busy, I will start one if you do not mind. I really want to learn this technology and it's a great way to go!


                Sure. You can start to write one if you'd like. ;-)

                -Jeff

                • 20. Re: SAML Assertions  (JBossESB)
                  jkurtz.wa

                  hi

                  I am going to start on a white paper to tie together the concepts of ESB security with JBoss. Thanks for the references. I will get an outline together and post it, then start working through the sections.

                  Will also get that SAML class diagram and smooks program to write an Assertion into a model. Great way to learn!

                  Again, thanks for letting me help

                  John

                  • 21. Re: SAML Assertions  (JBossESB)
                    anil.saldhana

                     

                    "jkurtz.wa@gmail.com" wrote:
                    hi

                    Will also get that SAML class diagram and smooks program to write an Assertion into a model. Great way to learn!

                    John


                    Understand your learning intentions. But I have no idea why you want to do smooks (to go from assertion into a model). Why not just use the opensaml2 API to construct the assertions?

                    • 22. Re: SAML Assertions  (JBossESB)
                      jkurtz.wa

                      Anil

                      I was using smooks to go from the Assertion to the model and then would have used it to go back to XML again. The Assertion would have mapped to and from the model.

                      However, if you think OpenSAML is better, I can use that instead. Its examples are not that organized, so it is a bit more of a challenge. I still want to model the assertion to facilitate the data processing and will check out OpenSAML.

                      John

                      • 23. SAML Assertions  (JBossESB)
                        jkurtz.wa

                        All

                        I would like to begin the design process to empower JBoss ESB messages to use SAML assertions. The first step would be to develop a set of requirements based on the JBoss ESB architecture and the SAML Standard.

                        If we can refine these requirements and create test cases, we may be able to submit them to be used as Compliance Tests - tests that demonstrate our application adheres to the SAML standard. XACML, another OASIS standard (but for authorization), has these and it helps development and ensures credibility.

                        I will get some requirements together and post them here. We can try to get at least the basic ones down and then try to design something. We should try to look into using new technology like SMOOKs and Drools to work with the SAML Assertion's XML and apply business rules. Open SAML is ok, but it is dated.

                        John L Kurtz

                        • 24. Re: SAML Assertions  (JBossESB)
                          anil.saldhana

                           

                          "jkurtz.wa@gmail.com" wrote:
                          All

                          I would like to begin the design process to empower JBoss ESB messages to use SAML assertions. The first step would be to develop a set of requirements based on the JBoss ESB architecture and the SAML Standard.

                          If we can refine these requirements and create test cases, we may be able to submit them to be used as Compliance Tests - tests that demonstrate our application adheres to the SAML standard. XACML, another OASIS standard (but for authorization), has these and it helps development and ensures credibility.

                          I will get some requirements together and post them here. We can try to get at least the basic ones down and then try to design something. We should try to look into using new technology like SMOOKs and Drools to work with the SAML Assertion's XML and apply business rules. Open SAML is ok, but it is dated.

                          John L Kurtz


                          I somehow get the idea you are lost in the wilderness, John. :)

                          I am referring to OpenSAML v2 (latest is v2.2). It is the most up-to-date open source implementation of the SAML v2 specification.
