Google Summer of Code 2007 Proposal
OASIS SAML Implementation for Rampart/C
P. P. S. Perera
'OASIS SAML Implementation for Rampart/C' is a project that targets implementing the Security Assertion Markup Language (SAML) for integration with Rampart/C, the security module for Apache Axis2/C, the C language implementation of the Axis2 SOAP engine.
As an innovative solution for business services, web services now have to correlate, collaborate and work interactively in order to deliver an efficient and satisfactory service to the end consumer or application. This has led to the evolution of modular, reusable business services built on interacting web services, but with the increase in collaboration and interaction, challenges arise from the security point of view. Authentication and authorization play a crucial part in this process across multiple web services, and standard solutions are needed.
Here, SAML can play a dominant role, as it addresses one of the most important issues, the Single Sign-On (SSO) problem. Single sign-on solutions at the intranet level abound (using cookies, for example), but extending these solutions beyond the intranet has been problematic and has led to the proliferation of proprietary technologies that do not interoperate. SAML has become the definitive standard underlying many web SSO solutions in the enterprise identity management problem space.
SAML 1.0 and 1.1, products of the OASIS Security Services Technical Committee, form a vendor-neutral, XML-based framework that provides XML standards for exchanging authentication and authorization data between security domains that act together across multiple web services. Existing SAML implementations are available for Java (OpenSAML Java) and C++ (OpenSAML C++), but these cannot be integrated with Rampart/C because of differences in implementation approach and language platform.
The main purpose of this project is to implement this SAML integration module for Rampart/C on top of AXIOM (AXIs Object Model), the underlying XML processing framework used in Axis2/C and Rampart/C.
The Security Assertion Markup Language (SAML) is an XML standard that defines a framework for exchanging security information between security domains, that is, between an identity provider and a service provider. It is a product of the Security Services Technical Committee of the standards organization OASIS.
SAML has undergone one minor and one major revision since its version 1.0 release.
1. SAML 1.0 was adopted as an OASIS Standard in November 2002
2. SAML 1.1 was ratified as an OASIS Standard in September 2003
3. SAML 2.0 became an OASIS Standard in March 2005
SAML standardizes the full range of functions associated with receiving, transmitting, and sharing security information to:
- Provide XML formats for user security information and formats to request and transmit the information.
- Define how these messages work with protocols such as SOAP.
- Specify precise message exchanges for certain common use cases, such as Web SSO.
- Support a number of privacy protection mechanisms, including the ability to determine users' attributes without revealing their identities.
- Detail how to handle identity information in formats provided by widely used technologies, including Unix, Microsoft Windows, X.509, LDAP, DCE, and XACML.
- Formulate a metadata schema that allows participating systems to communicate the SAML options they support.
A federated environment involves at least three roles.
- Relying Party - makes use of the identity information; typically this is a Service Provider that decides what requests to allow
- Asserting Party - provides the security information; SAML calls this the "Identity Provider"
- Subject - the user associated with the identity information
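To make the three roles concrete, the following added example (written for this page in Python, not code from the proposal or from Rampart/C, which works on AXIOM in C) shows the checks a Relying Party performs on a SAML 1.1 assertion before trusting it: the Asserting Party (Issuer) must be one it trusts, the Conditions validity window must cover the current time, and any AudienceRestrictionCondition must name the Relying Party itself. The issuer, audience, subject and assertion ID are constructed sample values; XML signature verification is deliberately left out.

```python
# Added example: Relying Party validation of a SAML 1.1 assertion.
# Not part of the proposal or of Rampart/C; sample values are constructed.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"   # namespace shared by SAML 1.0 and 1.1
NS = {"saml": SAML1}

# Constructed assertion: hypothetical Asserting Party (Issuer), Relying Party
# (Audience) and Subject. MajorVersion=1 / MinorVersion=1 marks SAML 1.1.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  MajorVersion="1" MinorVersion="1" AssertionID="_a1b2c3"
  Issuer="https://idp.example.org" IssueInstant="2007-06-01T12:00:00Z">
  <saml:Conditions NotBefore="2007-06-01T12:00:00Z" NotOnOrAfter="2007-06-01T12:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
    AuthenticationInstant="2007-06-01T11:59:50Z">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""

def _ts(s):
    """Parse the UTC xsd:dateTime form used in the sample ('Z' suffix)."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, trusted_issuers, my_audience, now):
    """Return (ok, reason, subject). Signature checking is out of scope here."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML1}}}Assertion" or root.get("MajorVersion") != "1":
        return False, "not a SAML 1.x assertion", None
    if root.get("Issuer") not in trusted_issuers:        # Asserting Party must be trusted
        return False, "untrusted issuer", None
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions", None
    # NotBefore is inclusive, NotOnOrAfter is exclusive.
    if now < _ts(cond.get("NotBefore")) or now >= _ts(cond.get("NotOnOrAfter")):
        return False, "outside validity window", None
    audiences = [a.text for a in cond.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)]
    if audiences and my_audience not in audiences:        # must be meant for this Relying Party
        return False, "audience mismatch", None
    stmt = root.find("saml:AuthenticationStatement", NS)
    if stmt is None:
        return False, "no AuthenticationStatement", None
    subject = stmt.findtext("saml:Subject/saml:NameIdentifier", namespaces=NS)
    return True, "ok", subject
```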
Rampart/C serves as the security module for the C language implementation of the Apache Axis2 SOAP engine, Axis2/C. It provides a set of mechanisms to protect SOAP messages that are exchanged among different entities. Such mechanisms include message confidentiality and message authentication.
1. A comprehensive implementation of the SAML 1.0 and 1.1 specification sets, capable of interoperating with existing SAML implementations.
2. Test cases and samples to verify the implementation's functionality.
3. Appropriate development documentation for the continuation of the project, and the required user documents.
4. Tutorials and technical documentation for users to integrate the SAML implementation with Axis2/C and Rampart/C.
Benefits for Rampart/C
SAML establishes assertion and protocol schemas for the structure of the documents that transport security information. After completing the project, Rampart/C will be able to exchange security data using SAML protocols and provide single sign-on capabilities.
In this project my objective is to successfully implement a complete SAML 1.0 and 1.1 integration for Rampart/C. As initial steps, I will thoroughly study AXIOM, the underlying XML processing framework used in Axis2/C and Rampart/C, together with the SAML standards and the implementation strategies required.
Before implementation, I plan to study the existing SAML implementations (OpenSAML Java and OpenSAML C++) and identify the functionality required for the Rampart/C module. After implementation, the SAML library will be integrated with Rampart/C.
April 9th to May 28th
Study the Rampart/C architecture to understand what can be reused and how to design the implementation.
Read the SAML specifications and form an idea of how to approach the implementation.
May 29th to May 31st
Design the OASIS SAML implementation API, compatible with Rampart/C requirements, and provide a universal API for the SAML C library.
June 1st to June 25th
Implement the initial version, supporting the SAML 1.0 specification.
June 26th to July 1st
Write test cases and test the initial version.
I'll also try to fix bugs found in the initial version during this period.
July 2nd to July 20th
Extend the implementation to support the SAML 1.1 specification.
July 21st to July 25th
Write test cases and test the implemented code.
Fix bugs found during testing.
July 26th to August 5th
Milestone 1 Release and Documentation.
August 6th to August 20th
Fix bugs and improve the SAML implementation according to community feedback.
I'm an undergraduate student at the Department of Computer Science & Engineering, University of Moratuwa, Sri Lanka. I have considerable experience working on open source projects, and I like to work on challenging tasks where I can apply my knowledge and learn new things. The ASF is one of the foundations I find inspiring and would like to get actively involved in, and through this project I hope to extend my knowledge of web services and the strategies underlying them.
I'm also impressed with the Apache organization for the role it plays in the open source software world, and it would be a pleasure for me to work on its projects.