February 2010

The Sunjug kicks off 2010 on Febraury 24th, with a presentation by Steve Goldsmith on Security Assertion Markup Language(SAML).

SAML is an XML-based standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.

Since there are many facets to SAML Steve will give a brief overview of SAML and then jump right into a real world scenario using a service provider. The service provider will accept an encrypted and signed assertion from an external entity which will be decrypted and have its attributes revealed. This can be used to integrate an external entities' SSO system into legacy web applications without the need to implement expensive and complex federated security solutions like SIteMinder, etc.

Steve has built the code using OpenSAML for encryption and signing assertions as well to allow end to end testing using Apache Http Client. He will cover topics all the way down to creating RSA key pairs in a Java key store using keytool, so in essence this is a complete solution. The talk will not be covering SSO solutions like JOSSO as this is perhaps better covered at a later date.

About the presenter:
Steve Goldsmith is Sr. Software Architect at WAZAGUA in Bradenton Fl and is a frequent presenter at the Sunjug.

The event will be hosted by Community Foundation of Sarasota, located at 2635 Fruitville Rd, Sarasota, FL 34237, which is west of exit 210 off I75.

Meeting Schedule:
6-6:30 PM: Networking
6:30 - 8:00 PM: Presentation