From NCSA Security R&D - University of Illinois at Urbana-Champaign

Contents 1 Security Standards and Specifications 1.1 X.509 Work 1.2 SAML Work 1.3 Other Standards

Security Standards and Specifications

As part of our activities in developing leading-edge security, we are often called upon to develop new standards and specifications. This page lists completed and ongoing activities in that area.

X.509 Work

• Steven Tuecke, Von Welch, Doug Engert, Laura Perlman and Mary Thompson. Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. RFC3820, 2004.

SAML Work

• N. Klingenstein and T. Scavo (eds.). SAML V2.0 Holder-of-Key Web Browser SSO Profile. OASIS Security Services (SAML) Technical Committee, Committee Draft. http://wiki.oasis-open.org/security/SamlHoKWebSSOProfile

• T. Scavo (ed.). SAML V2.0 Holder-of-Key Assertion Request Profiles. OASIS Security Services (SAML) Technical Committee, Working Draft. http://wiki.oasis-open.org/security/SAMLHoKAssertionRequest

• T. Scavo (ed.). SAML V2.0 Holder-of-Key Assertion Profile. OASIS Security Services (SAML) Technical Committee, Committee Draft. http://wiki.oasis-open.org/security/SAMLHoKSubjectConfirmation

• T. Scavo (ed.). Subject-based Profiles for SAML V1.1 Assertions. OASIS Security Services (SAML) Technical Committee, Committee Specification 01 (Document ID: sstc-saml1-profiles-assertion-subject-cs-01), October 2008. http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml1-profiles-assertion-subject-cs-01.pdf

• T. Scavo (ed.). SAML V2.0 Deployment Profiles for X.509 Subjects. OASIS Security Services (SAML) Technical Committee, Committee Specification 01 (Document ID: sstc-saml2-profiles-deploy-x509-cs-01), March 2008. http://www.oasis-open.org/committees/download.php/27761/sstc-saml2-profiles-deploy-x509-cs-01.pdf

• E. Maler, R. Philpott, T. Scavo, and A. Kermaier (eds.). SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems. OASIS Security Services (SAML) Technical Committee, Committee Specification 01 (Document ID: sstc-saml-x509-authn-attrib-profile-cs-01), March 2008. http://www.oasis-open.org/committees/download.php/27766/sstc-saml-x509-authn-attrib-profile-cs-01.pdf

• N. Ragouzis, J. Hughes, R. Philpott, E. Maler, P. Madsen, and T. Scavo (eds.). Security Assertion Markup Language (SAML) V2.0 Technical Overview. OASIS Security Services (SAML) Technical Committee, Committee Draft 02 (Document ID: sstc-saml-tech-overview-2.0-cd-02), March 2008. http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf

• V. Venturi, T. Scavo, and D. W. Chadwick (eds.). Use of SAML to retrieve Authorization Credentials. OGSA Authorization Working Group, Draft Version 1.4, February 2008. https://forge.gridforum.org/sf/go/doc15173?nav=1

• T. Scavo and S. Cantor (eds.). Metadata Extension for SAML V2.0 and V1.x Query Requesters. OASIS Security Services (SAML) Technical Committee, OASIS Standard (Document ID: sstc-saml-metadata-ext-query-os), November 2007. http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ext-query-os.pdf

• T. Scavo (ed.). SAML V1.1 Profiles for X.509 Subjects. OASIS Security Services (SAML) Technical Committee, Working Draft 01 (Document ID: sstc-saml1-profiles-x509-draft-01), August 2006. http://www.oasis-open.org/committees/document.php?document_id=19996&wg_abbrev=security

• T. Scavo and S. Cantor (editors). Shibboleth Architecture: Technical Overview. Document ID: draft-mace-shibboleth-tech-overview-02 (included in NSF Middleware Initiative Release 8) http://shibboleth.internet2.edu/docs/draft-mace-shibboleth-tech-overview-latest.pdf

• Von Welch, Rachana Ananthakrishnan, Frank Siebenlist, David Chadwick, Sam Meder, and Laura Pearlman. Use of SAML for OGSI Authorization. GFD 66, 2006.

Other Standards

• Jeffrey Hutzelman, Jospeh Salowey, Joseph Galbraith and Von Welch. Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol. RFC4462, May 2006.