Using SAML for credential delegation

The paper on “Extending the Security Assertion Markup Language to Support Delegation for Web Services and Grid Services” by Jun Wang and my friend Marty Humphrey over at the CS department, University of Virginia, is a great read. It illustrates how one could do user rights delegation using SAML. This is a common scenario in Internet-scale applications (aka Grid applications). They also have an implementation using Microsoft’s WSE.

Here’s a quote from the paper:

“The problem with the conventional approach in Grids – GSI X509 proxy certificates [5] – is that commercial tooling for Web Services does not necessarily recognize and properly process these certificates, typically the Distinguished Name (DN) in the certificate or in path validation. Even with the recent introduction of proxy certificates in the IETF, it is not clear when and if this commercial support will occur. An alternative approach that is pursued in this work is to leverage and extend existing Web Services standards, without breaking the existing tooling, so as to facilitate Grid practitioners more easily building and consuming services across the Grid without requiring Grid-specific protocols.”

Excellent stuff.
