Google Summer of Code 2007 Proposal
OASIS SAML Implementation for Rampart/C
Milinda Lakmal Pathirage
OASIS SAML Implementation for Rampart/C is a project aimed at implementing the Security Assertion Markup Language specification sets 1.0 and 1.1, a vendor-neutral, XML-based framework for exchanging security-related information between business partners over the Internet. Rampart/C is an Axis2/C module which implements the security-related WS-* specifications for Axis2/C.
Already existing SAML implementations (OpenSAML Java, OpenSAML C++) cannot be used with Rampart/C because no such implementation exists in C. This implementation will be based on AXIOM (AXIs Object Model), the underlying XML processing framework used in Axis2/C and Rampart/C.
Web Services need to correlate, collaborate, and work alongside each other to deliver meaningful business benefits to the end consumer or application. The Web services architecture recommends the evolution of modular and reusable business services, which can be used across multiple business applications. As this collaboration increases, security challenges arise in authenticating and authorizing a client across multiple Web Services. SAML makes it possible to provide solutions to these challenges. After completing this project Rampart/C will be capable of authenticating and authorizing clients across multiple Web Services, and this will help Axis2/C to become the leading Web Services engine in the world.
The Security Assertion Markup Language (SAML) is an XML standard that defines a framework for exchanging security information between security domains, that is, between an identity provider and a service provider. It is a product of the Security Services Technical Committee of the standards organization OASIS.
SAML has undergone one minor and one major revision since its version 1.0 release.
1. SAML 1.0 was adopted as an OASIS Standard in November 2002
2. SAML 1.1 was ratified as an OASIS Standard in September 2003
3. SAML 2.0 became an OASIS Standard in March 2005
SAML standardizes the full range of functions associated with receiving, transmitting, and sharing security information to:
- Provide XML formats for user security information and formats to request and transmit the information.
- Define how these messages work with protocols such as SOAP.
- Specify precise message exchanges for certain common use cases, such as Web SSO.
- Support a number of privacy protection mechanisms, including the ability to determine users' attributes without revealing their identities.
- Detail how to handle identity information in formats provided by widely used technologies, including Unix, Microsoft Windows, X.509, LDAP, DCE, and XACML.
- Formulate a metadata schema that allows participating systems to communicate the SAML options they support.
A federated environment involves at least three roles.
- Relying Party - makes use of the identity information; typically this is a Service Provider that decides which requests to allow
- Asserting Party - provides the security information; SAML calls this the "Identity Provider"
- Subject - the user associated with the identity information
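As an added illustration (not code from Rampart/C, OpenSAML or this proposal), the following walks a constructed SAML 1.1 assertion, maps its parts onto the three roles above (Issuer is the asserting party, NameIdentifier is the subject, Audience names the relying party) and applies the Conditions a relying party must enforce before trusting the assertion. Issuer, subject and audience values are placeholders.

```python
# Added example: extract the federation roles from a SAML 1.1 assertion and
# check the validity window and audience restriction a relying party enforces.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

# SAML 1.0 and 1.1 share the same assertion namespace.
NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample assertion; all identifiers below are placeholders.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_example-id"
    Issuer="https://idp.example.org" IssueInstant="2007-06-01T10:00:00Z">
  <saml:Conditions NotBefore="2007-06-01T10:00:00Z" NotOnOrAfter="2007-06-01T10:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://sp.example.org</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement AuthenticationInstant="2007-06-01T09:59:50Z"
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
    <saml:Subject>
      <saml:NameIdentifier>alice@example.org</saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""

def parse_time(s):
    """SAML 1.x timestamps are UTC xsd:dateTime values ending in 'Z'."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_roles(xml_text):
    """Return asserting party, subject and intended relying parties."""
    root = ET.fromstring(xml_text)
    subject = root.find(".//saml:Subject/saml:NameIdentifier", NS)
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    return {"asserting_party": root.get("Issuer"),
            "subject": subject.text if subject is not None else None,
            "audiences": audiences}

def conditions_hold(xml_text, relying_party, now):
    """True if 'now' is inside [NotBefore, NotOnOrAfter) and the relying
    party is a listed audience. Absent Conditions impose no restriction."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return True
    if cond.get("NotBefore") and now < parse_time(cond.get("NotBefore")):
        return False
    if cond.get("NotOnOrAfter") and now >= parse_time(cond.get("NotOnOrAfter")):
        return False  # NotOnOrAfter is exclusive
    audiences = [a.text for a in cond.findall(".//saml:Audience", NS)]
    return not audiences or relying_party in audiences
```

Signature verification over the assertion, which a real implementation must perform before any of these checks are meaningful, is out of scope here.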
Rampart/C serves as the security module for Apache Axis2/C, the C language implementation of the Axis2 SOAP engine. It provides a set of mechanisms to protect SOAP messages that are exchanged among different entities, including message confidentiality and message authentication.
1. Complete implementation of SAML specification sets 1.0 and 1.1 that interoperates with previous SAML implementations.
2. Test cases to verify the functionality of the implementation.
3. Appropriate documentation to guarantee the continuation of the project.
4. Tutorial on how to use SAML Implementation with Axis2/C and Rampart/C.
Benefit for Rampart/C
SAML establishes assertion and protocol schemas for the structure of the documents that transport security information. After completing the project Rampart/C will be able to exchange security data using the SAML protocols and provide single sign-on capabilities.
April 9th to May 28th
Study the Rampart/C architecture to understand how I can reuse available things and how to design.
Read the SAML Specifications and try to get an idea about how to do the implementation.
May 29th & 30th & 31st
Design the OASIS SAML implementation API so that it is compatible with Rampart/C requirements and provides a universal API for a SAML C library.
June 1st to June 25th
Implement the initial version, which supports the SAML 1.0 specification.
June 26th to July 1st
Write test cases and test the initial version.
I'll also try to fix known bugs in the initial version in this time period.
July 2nd to July 20th
Extend the implementation to support the SAML 1.1 specification.
July 21st to July 25th
Write test cases and test the implemented code.
Fix bugs found during the testing process.
July 26th to August 5th
Milestone 1 Release and Documentation.
August 6th to August 20th
Fix the bugs and improve the SAML implementation according to community response.
I am a 22-year-old undergraduate student in the Computer Science and Engineering Department, University of Moratuwa, Sri Lanka. I am currently in Level 3 and will start Level 4 (final year) next May.
I have worked on the Axis2/C Code Generation Tool and several other parts of Axis2/C. I was accepted as an Apache committer in January this year for the contribution I have made to the Axis2/C project. I had been working with the WSS4J project prior to working on Axis2/C. In that project I implemented LDAP keystore support (WSS-47) for WSS4J.
I am really interested in security-related things and I hope this project will give me the opportunity to work on and learn security-related things. I'm sure that the previous work I have done in Axis2/C and the knowledge I have about WSS4J, Axis2/C, AXIOM and Rampart/C will be added advantages in successfully completing this project.