Fidelity Feedback on SAML 1.X and ID-FF 1.X
Patrick Harding, Enterprise Architecture, Fidelity Investments
Fidelity and Web Services
• Enterprise commitment to XML in 1999
• Migrated 90% of inter-BU communication to XML/HTTP
• Endorse standards bodies
  • OASIS Member
  • WS-I Member
  • Liberty Management Board
  • W3C Member
  • HR-XML Consortium
• Externalized first web services to business partners in 2001
Fidelity Use Cases
These are the simple ones
• Employee SSO across internal applications
• Employee SSO access to external services
• Customer SSO access to Fidelity
Use Case 1: Employee SSO across Internal Applications
• Employee Intra-enterprise SSO
  • Current solution leverages proprietary cookie
  • Issues integrating COTS applications
• Use SAML V1.X
  • SSO Browser POST Profile
  • No requirement for federation
  • Starting proof-of-concept
• Issues
  • No logout in SAML
  • No profiles for Web Service clients
  • No profile for WSRP
Use Case 2: Employee Access to External Services
• Employee Inter-enterprise SSO
  • Initiated from Fidelity employee portal
  • Current solutions are proprietary or involve separate UserID and Password
  • Also involves batch transfer of employee data
• Use SAML V1.X and Liberty ID-FF V1.X where appropriate
  • Fidelity is the Source/Identity Provider
  • SSO Browser Artifact Profile
  • May require federation (account linking)
  • May require single logout
  • Also expose attribute service to allow service provider to retrieve employee data
• Issues
  • External Service Provider support for Liberty/SAML
  • Forced to use opaque IDs with Liberty
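Use cases 2 and 3 both rely on the SAML 1.x Browser Artifact Profile, where the browser carries only a short opaque artifact and the destination site fetches the assertion over a back channel. The following is an added example, not code from the deck or from Fidelity, that models that exchange end to end: the artifact layout is the SAML 1.x type 0x0001 format (2-byte type code, 20-byte SHA-1 SourceID, 20-byte assertion handle); the site URIs, the in-memory stores and the injected clock are constructed for the example. It shows the checks the destination site owes the assertion (known SourceID, one-time use of the handle, issuer, audience, validity window) before it trusts the subject.

```python
"""Added example: minimal model of the SAML 1.x Browser/Artifact profile.
Not the presenter's code; site names and stores are constructed here."""
import base64
import hashlib
import os
import time

TYPE_CODE = b"\x00\x01"  # SAML 1.x artifact TypeCode 0x0001


def source_id(source_site_uri: str) -> bytes:
    """SAML 1.x SourceID: 20-byte SHA-1 of the source site's identifier."""
    return hashlib.sha1(source_site_uri.encode()).digest()


class SourceSite:
    """Source/identity provider: issues artifacts and answers back-channel requests."""

    def __init__(self, uri: str):
        self.uri = uri
        self.sid = source_id(uri)
        self._pending = {}  # assertion handle -> assertion awaiting pickup

    def issue_artifact(self, subject: str, audience: str, now=None, ttl=300) -> str:
        now = time.time() if now is None else now
        handle = os.urandom(20)  # unguessable 20-byte AssertionHandle
        self._pending[handle] = {
            "issuer": self.uri,
            "subject": subject,
            "audience": audience,
            "not_before": now,
            "not_on_or_after": now + ttl,
        }
        return base64.b64encode(TYPE_CODE + self.sid + handle).decode()

    def resolve(self, handle: bytes):
        """Back-channel resolution; the handle is consumed so a replay fails.
        A real deployment also authenticates this channel (e.g. mutual TLS)."""
        return self._pending.pop(handle, None)


def parse_artifact(artifact_b64: str):
    """Split a type-0001 artifact into (SourceID, AssertionHandle)."""
    raw = base64.b64decode(artifact_b64)
    if len(raw) != 42 or raw[:2] != TYPE_CODE:
        raise ValueError("not a SAML 1.x type-0001 artifact")
    return raw[2:22], raw[22:42]


class DestinationSite:
    """Destination/service provider: consumes artifacts from trusted sources only."""

    def __init__(self, uri: str, trusted_sources):
        self.uri = uri
        self._by_sid = {s.sid: s for s in trusted_sources}

    def consume(self, artifact_b64: str, now=None) -> str:
        now = time.time() if now is None else now
        sid, handle = parse_artifact(artifact_b64)
        source = self._by_sid.get(sid)
        if source is None:
            raise PermissionError("unknown SourceID")
        assertion = source.resolve(handle)
        if assertion is None:
            raise PermissionError("artifact already used or unknown")
        if assertion["issuer"] != source.uri:
            raise PermissionError("issuer does not match resolved source")
        if assertion["audience"] != self.uri:
            raise PermissionError("assertion not intended for this site")
        if not (assertion["not_before"] <= now < assertion["not_on_or_after"]):
            raise PermissionError("assertion outside validity window")
        return assertion["subject"]


if __name__ == "__main__":
    idp = SourceSite("https://idp.example.test")
    sp = DestinationSite("https://sp.example.test", [idp])
    artifact = idp.issue_artifact("alice", sp.uri)
    print(sp.consume(artifact))  # alice
```

Because the handle is popped on resolution, presenting the same artifact twice is rejected, and an artifact minted by a site the destination has not been configured to trust fails the SourceID lookup before any back-channel call is made.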
Use Case 3: Customer SSO Access to Fidelity
• Customer Inter-enterprise SSO
  • Fidelity clients are requesting SSO access to Fidelity from their employee portal
  • Fidelity has at least two proprietary solutions in place
  • Fidelity accepts batch feeds of client’s employee data
• Use Liberty ID-FF V1.X
  • Fidelity is the Service Provider
  • SSO Browser Artifact Profile
  • Opt-in/Opt-out Dynamic Federation and Bulk Federation
  • Single Logout is required
• Issues
  • External client support for Liberty
  • Extensibility confusion (saml:Advice, etc.)
  • Optional requirement for AuthNRequest
  • No standardized credential collection for web service clients
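Use case 3 needs opt-in/opt-out dynamic federation, bulk federation from batch feeds and single logout, and use case 2 notes that Liberty forces opaque identifiers. The following added example (not from the deck or from Fidelity) sketches the service-provider side of that: a federation store that mints a fresh random name identifier per identity provider and local account, links batch-fed accounts in bulk, resolves an incoming identifier to the local account at login, and on defederation or single logout tears down every session tied to that link. The class, method names and the account/IdP values are assumptions for the example.

```python
"""Added example: SP-side account linking with opaque name identifiers and
single logout, in the spirit of Liberty ID-FF federation. Constructed for
illustration; names and data are not from the presentation."""
import secrets


class FederationStore:
    def __init__(self):
        self._account_by_link = {}   # (idp, name_id) -> local account
        self._link_by_account = {}   # (idp, account) -> name_id
        self._sessions = {}          # (idp, name_id) -> set of session ids

    def federate(self, idp: str, account: str) -> str:
        """Opt-in (dynamic) federation: returns the opaque identifier shared
        with this IdP. A second call for the same pair is idempotent."""
        key = (idp, account)
        if key in self._link_by_account:
            return self._link_by_account[key]
        # Random, so the IdP learns nothing about the local account name and
        # two IdPs federated to the same account cannot correlate it.
        name_id = secrets.token_urlsafe(24)
        self._link_by_account[key] = name_id
        self._account_by_link[(idp, name_id)] = account
        self._sessions[(idp, name_id)] = set()
        return name_id

    def bulk_federate(self, idp: str, accounts) -> dict:
        """Bulk federation from a batch feed: account -> name_id for every row."""
        return {acct: self.federate(idp, acct) for acct in accounts}

    def resolve(self, idp: str, name_id: str):
        """Look up the local account for an assertion's name identifier."""
        return self._account_by_link.get((idp, name_id))

    def login(self, idp: str, name_id: str, session_id: str) -> str:
        account = self.resolve(idp, name_id)
        if account is None:
            raise PermissionError("no federation exists for this identifier")
        self._sessions[(idp, name_id)].add(session_id)
        return account

    def single_logout(self, idp: str, name_id: str) -> int:
        """Terminate every local session opened through this federation."""
        sessions = self._sessions.get((idp, name_id), set())
        count = len(sessions)
        sessions.clear()
        return count

    def defederate(self, idp: str, name_id: str) -> bool:
        """Opt-out: drop the link and any sessions that depend on it."""
        account = self._account_by_link.pop((idp, name_id), None)
        if account is None:
            return False
        self.single_logout(idp, name_id)
        del self._sessions[(idp, name_id)]
        del self._link_by_account[(idp, account)]
        return True


if __name__ == "__main__":
    store = FederationStore()
    nid = store.federate("https://client-portal.example.test", "emp-1001")
    print(store.login("https://client-portal.example.test", nid, "sess-1"))  # emp-1001
```

The store keys every link on the (IdP, identifier) pair, so the same local account federated with two client portals carries two unrelated identifiers, which is the "opaque ID" property the deck lists as a constraint of Liberty rather than an option.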
Technical Issues Summary
• Fidelity needs a single standard for SSO and Identity Federation
• Client support for Liberty/SAML
  • Needs to be simpler
  • Every enterprise will be an IdP for its employees
• SAML 1.X lacks certain features that ID-FF 1.X provides
  • e.g. Log-out, Federation, De-federation
• ID-FF 1.X lacks certain features that SAML 1.X provides
  • e.g. One-way SSO flow
• SAML extensibility confusion
• No standardized XML language for credential collection
• Versioning is not well defined