Google Summer of Code 2007 Proposal

Subject

OASIS SAML Implementation for Rampart/C

Author

Milinda Lakmal Pathirage

Email

milinda.pathirage@gmail.com, milindalakmal@cse.mrt.ac.lk

Project Title

OASIS SAML Implementation for Rampart/C

Synopsis

OASIS SAML Implementation for Rampart/C is a project aimed at implementing the Security Assertion Markup Language (SAML) Specification Sets 1.0 and 1.1, a vendor-neutral, XML-based framework for exchanging security-related information between business partners over the Internet. Rampart/C is an Axis2/C module which implements security-related WS-* specifications for Axis2/C.

Existing SAML implementations (OpenSAML Java, OpenSAML C++) cannot be used with Rampart/C because there is no such implementation in C. This implementation will be based on AXIOM (AXIs Object Model), which is the underlying XML processing framework used in Axis2/C and Rampart/C.

Web Services need to correlate, collaborate, and work with each other to deliver meaningful business benefits to the end consumer or application. Web services architecture recommends the evolution of modular and reusable business services, which can be used across multiple business applications. As this collaboration increases, security challenges arise when authenticating and authorizing a client across multiple Web Services. SAML makes it possible to provide solutions to these challenges. After this project is completed, Rampart/C will be capable of authenticating and authorizing clients across multiple Web Services, and this will help Axis2/C to become the leading Web Services engine in the world.

Project Details

SAML

The Security Assertion Markup Language (SAML) is an XML standard which defines a framework for exchanging security information between security domains, that is, between an identity provider and a service provider. It is a product of the Security Services Technical Committee of the standards organization OASIS.

SAML has undergone one minor and one major revision since its version 1.0 release.

1. SAML 1.0 was adopted as an OASIS Standard in November 2002.

2. SAML 1.1 was ratified as an OASIS Standard in September 2003.

3. SAML 2.0 became an OASIS Standard in March 2005.

SAML standardizes the full range of functions associated with receiving, transmitting, and sharing security information to:

A federated environment involves at least three roles.

Rampart/C

Rampart/C serves as the security module for the C language implementation of the Apache Axis2/C SOAP engine. It provides a set of mechanisms to protect SOAP messages that are exchanged among different entities. Such mechanisms include message confidentiality and message authentication.

Deliverables

1. Complete implementation of SAML Specification Sets 1.0 and 1.1 that interoperates with previous SAML implementations.

2. Test cases to verify the functionality of the implementation.

3. Appropriate documentation to guarantee the continuation of the project.

4. Tutorial on how to use the SAML implementation with Axis2/C and Rampart/C.

Profit for Rampart/C

SAML establishes assertion and protocol schemas for the structure of the documents that transport security. After the project is completed, Rampart/C will be able to exchange security data using SAML protocols and provide single sign-on capabilities.

Project Plan

Project Schedule

April 9th to May 28th

Study the Rampart/C architecture to understand what I can reuse and how to design the implementation.

Read the SAML Specifications and try to get an idea about how to do the implementation.

May 29th & 30th & 31st

Design the OASIS SAML implementation API so that it is compatible with Rampart/C requirements and provides a universal API for the SAML C library.

June 1st to June 25th

Implement the initial version, which supports the SAML 1.0 Specification.

June 26th to July 1st

Write test cases and test the initial version.

I'll also try to fix the bugs found in the initial version during this period.

July 2nd to July 20th

Extend the current implementation to support the SAML 1.1 Specification.

July 21st to July 25th

Write test cases and test the implemented code.

Fix bugs found during the testing process.

July 26th to August 5th

Milestone 1 Release and Documentation.

August 6th to August 20th

Fix bugs and improve the SAML implementation according to community response.

Biography

I am a 22-year-old undergraduate student in the Computer Science and Engineering Department, University of Moratuwa, Sri Lanka. I am currently in Level 3 and will start Level 4 (final year) next May.

I have worked on the Axis2/C Code Generation Tool and several other parts of Axis2/C. I was accepted as an Apache Committer in January this year for the contributions I have made to the Axis2/C project. I worked on the WSS4J project prior to working on Axis2/C. In that project I implemented LDAP Keystore support (WSS-47) for WSS4J.

I am really interested in security-related work, and I hope this project will give me the opportunity to work on and learn about security. I'm sure that the previous work I have done in Axis2/C and the knowledge I have of WSS4J, Axis2/C, AXIOM and Rampart/C will be added advantages in successfully completing this project.
