Authorization-Authentication Using XACML and SAML
Authors
Abstract
The report discusses our experiences of using two OASIS Web service standards, namely the eXtensible Access Control Markup Language (XACML) and the Security Assertion Markup Language (SAML). Within the domain of the GOLD project we have combined these two standards to offer a single login mechanism, including a simple protocol for crossing organizational boundaries. In addition, we enable granular access control using the policy semantics defined by XACML.

1.0 Introduction

The purpose of this document is to discuss the work we have been doing with two OASIS standards, XACML and SAML, used respectively for writing access control policies and carrying out access control, and for enabling authentication. The report discusses usage of the standards as part of a demonstrator that was created for the GOLD project. The purpose of the report is to show how XACML and SAML can be used together to provide a security mechanism that is flexible and at the same time powerful.

The report is structured as follows. We introduce the two standards and give some details as to what they do. We then introduce our demonstrator and the scenario we used. We provide a fair amount of detail regarding the XML messages and documents that are exchanged between the various entities of the demo, while at the same time explaining the underlying protocols. We conclude the report with some further issues and future work.

2.0 OASIS Standards

In this section we introduce the two standards we used and give some details as to how they are structured and what they can achieve. We have deliberately avoided showing XML in this section, as we show the XML messages as part of the demo.

2.1 XACML

The first standard, XACML, is an XML-based Web service standard for communicating access control policies between services. It provides standard XML
Similar resources
Design of Integration Security System using XML Security
In this paper, we design an integration security system that provides authentication service, authorization service, and management service of security data and a unified interface for the management service. The interface is originated from XKMS protocol and is used to manage security data such as XACML policies, SAML assertions and other authentication security data including public keys. The...
Secure Federated Authentication and Authorisation to GRID Portal Applications using SAML and XACML
Internationally, the need for federated Identity & Access Management continues to grow, as it allows users to get Single Sign-On access to external resources (a.k.a. Service Providers) using their home account and some attributes that are being released securely by their home organization (a.k.a. Identity Providers). In other words, it solves the problem of service providers needing to create a...
Cardea: Dynamic Access Control in Distributed Systems
Modern authorization systems span domains of administration, rely on many different authentication sources, and manage complex attributes as part of the authorization process. This paper presents Cardea, a distributed system that facilitates dynamic access control, as a valuable piece of an inter-operable authorization framework. First, the authorization model employed in Cardea and its functio...
A Heterogeneous Network Access Service Based on PERMIS and SAML
The expansion of inter-organizational scenarios based on different authorization schemes involves the development of integration solutions allowing different authorization domains to share, in some way, protected resources. This paper analyzes different emerging technologies. On the one hand, we have two XML-based standards, the SAML standard, which is being widely accepted as a language to exp...
Pluggable Authorization and Distributed Enforcement with pam_xacml
Access control is a critical functionality in distributed systems. Services and resources must be protected from unauthorized access. The prevalent practice is that service specific policies reside at the services and govern the access control. It is hard to keep distributed authorization policies consistent with the global security policy of an organization. A recent trend is to unify the diff...
Journal title:
Volume / Issue:
Pages: -
Publication date: 2005