Table of Contents
1 Scope
2 References
3 Definitions
3.1 Imported definitions
3.2 Additional definitions
4 Abbreviations
5 Conventions
6 Overview
7 Common data types
7.1 String values
7.2 URI values
7.3 Time values
7.4 ID and ID reference values
8 SAML assertions and protocols
8.1 SAML assertions
8.2 SAML protocols
8.3 SAML versioning
8.4 SAML and XML signature syntax and processing
8.5 SAML and XML encryption syntax and processing
8.6 SAML extensibility
8.7 SAML-defined identifiers
9 SAML metadata
9.1 Metadata
9.2 Signature processing
9.3 Metadata publication and resolution
10 Bindings for SAML
10.1 Guidelines for specifying additional protocol bindings
10.2 Protocol bindings
11 Profiles for SAML
11.1 Profile concepts
11.2 Specification of additional profiles
11.3 Confirmation method identifiers
11.4 SSO Profiles of SAML
12 SAML authentication context
12.1 Authentication context concepts
12.2 Authentication context declaration
12.3 Authentication context classes
13 Conformance requirements for SAML
13.1 SAML profiles and possible implementations
13.2 Conformance
13.3 XML digital signature and XML encryption
13.4 Use of TLS 1.0
Annex A - SAML schemas
A.1 SAML Schema Assertion
A.2 SAML Schema Authentication Context
A.3 SAML Schema Authentication Context AuthenticatedTelephony
A.4 SAML Schema Authentication Context IP
A.5 SAML Schema Authentication Context IPPWord
A.6 SAML Schema Authentication Context Kerberos
A.7 SAML Schema Authentication Context MobileOneFactor-reg
A.8 SAML Schema Authentication Context MobileOneFactor-unreg
A.9 SAML Schema Authentication Context MobileTwoFactor-reg
A.10 SAML Schema Authentication Context MobileTwoFactor-unreg
A.11 SAML Schema Authentication Context NomadTelephony
A.12 SAML Schema Authentication Context PersonalizedTelephony
A.13 SAML Schema Authentication Context PGP
A.14 SAML Schema Authentication Context PPT
A.15 SAML Schema Authentication Context Password
A.16 SAML Schema Authentication Context PreviousSession
A.17 SAML Schema Authentication Context Smartcard
A.18 SAML Schema Authentication Context SmartcardPKI
A.19 SAML Schema Authentication Context SoftwarePKI
A.20 SAML Schema Authentication Context SPKI
A.21 SAML Schema Authentication Context SRP
A.22 SAML Schema Authentication Context Telephony
A.23 SAML Schema Authentication Context TimeSync
A.24 SAML Schema Authentication Context types
A.25 SAML Schema Authentication Context X.509
A.26 SAML Schema Authentication Context XMLDSig
A.27 SAML Schema ECP
A.28 SAML Schema metadata
A.29 SAML Schema protocol
A.30 SAML Schema X.500
A.31 SAML Schema XACML
Appendix I - Security and privacy considerations
I.1 Privacy
I.2 Confidentiality
I.3 Pseudonymity and anonymity
I.4 Security
I.5 Security techniques
I.6 General SAML security considerations
I.7 SAML bindings security considerations
Appendix II - Registration of MIME media type application/samlassertion+xml
Appendix III - Registration of MIME media type application/samlmetadata+xml
Appendix IV - Use of SSL
Appendix V - SAML Schema Authentication Context
Appendix VI - Authentication Context types XML Schema
Appendix VII - SAML DCE PAC attribute profile
VII.1 DCE PAC attribute profile
VII.2 SAML schema dce
VII.3 Example
Appendix VIII - OASIS clarifications of SAML
VIII.1 Potential errata: PE14
VIII.2 Potential errata: PE26
BIBLIOGRAPHY

Abstract
Covers a comprehensive list of SAML profiles, such as the web browser SSO profile and the single logout profile, to enable the wide adoption of SAML 2.0 in the industry.