Using SAML for credential delegation

The paper on “Extending the Security Assertion Markup Language to Support Delegation for Web Services and Grid Services” by Jun Wang and my friend Marty Humphrey over at the CS department, University of Virginia, is a great read. It illustrates how one could do user rights delegation using SAML. This is a common scenario in Internet-scale applications (aka Grid applications). They also have an implementation using Microsoft’s WSE.

Here’s a quote from the paper:

“The problem with the conventional approach in Grids – GSI X509 proxy certificates [5] – is that commercial tooling for Web Services does not necessarily recognize and properly process these certificates, typically the Distinguished Name (DN) in the certificate or in path validation. Even with the recent introduction of proxy certificates in the IETF, it is not clear when and if this commercial support will occur. An alternative approach that is pursued in this work is to leverage and extend existing Web Services standards, without breaking the existing tooling, so as to facilitate Grid practitioners more easily building and consuming services across the Grid without requiring Grid-specific protocols.”

Excellent stuff.
