[Owasp-suncoast] Suncoast OWASP Meeting - Wednesday Feb 24 @ 6:00pm

Stephen Carter carter.stephen at gmail.com
Tue Feb 9 21:51:14 EST 2010

The next OWASP meeting will take place on 2/24.  This meeting is being held
in conjunction with the Sarasota Java User Group (Sunjug).
Topic: Security Assertion Markup Language (SAML)

SAML is an XML-based standard for exchanging authentication and
authorization data between security domains, that is, between an identity
provider (a producer of assertions) and a service provider (a consumer of
assertions). SAML is a product of the OASIS Security Services Technical

Since there are many facets to SAML, Steve will give a brief overview of SAML
and then jump right into a real-world scenario using a service provider. The
service provider will accept an encrypted and signed assertion from an
external entity which will be decrypted and have its attributes revealed.
This can be used to integrate an external entity's SSO system into legacy
web applications without the need to implement expensive and complex
federated security solutions like SiteMinder, etc.

Steve has built the code using OpenSAML for encryption and signing
assertions as well as to allow end-to-end testing using Apache Http Client. He
will cover topics all the way down to creating RSA key pairs in a Java key
store using keytool, so in essence this is a complete solution. The talk
will not be covering SSO solutions like JOSSO as this is perhaps better
covered at a later date.
 More can be found at the Sunjug site here:

or the OWASP site here:

Hope to see you there!

- Steve Carter