Google Summer of Code 2007 Proposal

Subject

OASIS SAML Implementation for Rampart/C

Author

P. P. S. Perera

Email

srimalcse@gmail.com, srimal@cse.mrt.ac.lk

Project Title

OASIS SAML Implementation for Rampart/C

Synopsis

'OASIS SAML Implementation for Rampart/C' is a project aimed at implementing the Security Assertion Markup Language (SAML) for integration with Rampart/C, the security module for the C language implementation of the Apache Axis2/C SOAP engine.

As an innovative solution for business services, web services now have to correlate, collaborate and work interactively in order to deliver an efficient and satisfactory service to the end consumer or application. This has led to the recommendation that modular and reusable business services evolve into interactive web services, but as collaboration and interaction increase, challenges arise from a security point of view. Authentication and authorization play a crucial part in this process across multiple web services, and standard solutions are needed.

Here, SAML can play a dominant role as it strives to overcome the most important matter, the Single Sign-On (SSO) problem. Single sign-on solutions at the intranet level abound (using cookies, for example), but extending these solutions beyond the intranet has been problematic and has led to the proliferation of proprietary technologies that do not interoperate. SAML has become the definitive standard underlying many web SSO solutions in the enterprise identity management problem space.

SAML 1.0 and 1.1, products of the OASIS Security Services Technical Committee, form a vendor-neutral, XML-based framework that provides the XML standards for exchanging authentication and authorization data between security domains that act together with multiple web services. Existing SAML implementations are available for Java (OpenSAML Java) and C++ (OpenSAML C++), but these cannot be integrated with Rampart/C due to implementation specification and language platform incompatibility.

The main purpose of this project is to implement this SAML integration module for Rampart/C upon AXIOM (AXIs Object Model), which is the underlying XML processing framework used in Axis2/C and Rampart/C.

Project Details

SAML

The Security Assertion Markup Language (SAML) is an XML standard which defines a framework for exchanging security information between security domains, that is, between an identity provider and a service provider. It is a product of the Security Services Technical Committee of the standards organization OASIS.

SAML has undergone one minor and one major revision since its version 1.0 release.

1. SAML 1.0 was adopted as an OASIS Standard in November 2002.

2. SAML 1.1 was ratified as an OASIS Standard in September 2003.

3. SAML 2.0 became an OASIS Standard in March 2005.

SAML standardizes the full range of functions associated with receiving, transmitting, and sharing security information to:

A federated environment involves at least three roles.

Rampart/C

Rampart/C serves as the security module for the C language implementation of the Apache Axis2/C SOAP engine. It provides a set of mechanisms to protect SOAP messages that are exchanged among different entities. Such mechanisms include message confidentiality and message authentication.

Deliverables

1. A comprehensive implementation of SAML specification sets 1.0 and 1.1, capable of interoperating with previous SAML implementations.

2. Test cases and samples to verify the functionality of the implementation.

3. Appropriate development documentation for the continuation of the project and the required user documents.

4. Tutorials and technical documentation for users to integrate the SAML implementation with Axis2/C and Rampart/C.

Profit for Rampart/C

SAML establishes assertion and protocol schemas for the structure of the documents that transport security. After completing the project, Rampart/C will be able to exchange security data that uses SAML protocols and provide single sign-on capabilities.

Project Plan

In this project my objective is to successfully implement a complete SAML 1.0 and 1.1 integration implementation for Rampart/C. For that, as the initial steps, I would thoroughly study AXIOM, the underlying XML processing framework used in Axis2/C and Rampart/C, as well as the SAML standards and the implementation strategies required.

Before implementation, I hope to study the existing SAML implementations (OpenSAML Java and OpenSAML C++) and identify the required functionalities for the Rampart/C module. After the implementation, the SAML implementation will be integrated with Rampart/C.

Project Schedule

April 9th to May 28th

Study the Rampart/C architecture to understand how I can reuse available things and how to design.

Read the SAML Specifications and try to get an idea about how to do the implementation.

May 29th & 30th & 31st

Design the OASIS SAML implementation API, which is compatible with Rampart/C requirements and provides a universal API for the SAML C library.

June 1st to June 25th

Implement the initial version, which supports the SAML 1.0 Specification.

June 26th to July 1st

Writing test cases and testing the initial version.

I'll also try to fix available bugs in the initial version during this time period.

July 2nd to July 20th

Extend the current implementation to support the SAML 1.1 Specification.

July 21st to July 25th

Writing test cases and testing the implemented code.

Fixing bugs found during the testing process.

July 26th to August 5th

Milestone 1 Release and Documentation.

August 6th to August 20th

Fix the bugs and improve the SAML implementation according to community response.

Biography

I'm an undergraduate student at the Department of Computer Science & Engineering, University of Moratuwa, Sri Lanka. I have considerable knowledge of working on open source projects and I like to work on challenging tasks where I can explore the knowledge and learn new stuff. The ASF has been one of the inspiring foundations which I would like to get actively involved in, and from this project I hope to stretch my knowledge of web services and underlying strategies.

Also, I'm impressed with the Apache organization for the role they play in the open source software world, and it would be a pleasure for me to work on their projects.

References

Computer Science and Engineering Department

University of Moratuwa

OASIS Security Services (SAML) TC