1 Scope
2 References
3 Definitions
3.1 Imported definitions
3.2 Additional definitions
4 Abbreviations
5 Conventions
6 Overview
7 Common data types
7.1 String values
7.2 URI values
7.3 Time values
7.4 ID and ID reference values
8 SAML assertions and protocols
8.1 SAML assertions
8.2 SAML protocols
8.3 SAML versioning
8.4 SAML and XML signature syntax and processing
8.5 SAML and XML encryption syntax and processing
8.6 SAML extensibility
8.7 SAML-defined identifiers
9 SAML metadata
9.1 Metadata
9.2 Signature processing
9.3 Metadata publication and resolution
10 Bindings for SAML
10.1 Guidelines for specifying additional protocol bindings
10.2 Protocol bindings
11 Profiles for SAML
11.1 Profile concepts
11.2 Specification of additional profiles
11.3 Confirmation method identifiers
11.4 SSO Profiles of SAML
12 SAML authentication context
12.1 Authentication context concepts
12.2 Authentication context declaration
12.3 Authentication context classes
13 Conformance requirements for SAML
13.1 SAML profiles and possible implementations
13.2 Conformance
13.3 XML digital signature and XML encryption
13.4 Use of TLS 1.0
Annex A – SAML schemas
A.1 SAML Schema Assertion
A.2 SAML Schema Authentication Context
A.3 SAML Schema Authentication Context AuthenticatedTelephony
A.4 SAML Schema Authentication Context IP
A.5 SAML Schema Authentication Context IPPWord
A.6 SAML Schema Authentication Context Kerberos
A.7 SAML Schema Authentication Context MobileOneFactor-reg
A.8 SAML Schema Authentication Context MobileOneFactor-unreg
A.9 SAML Schema Authentication Context MobileTwoFactor-reg
A.10 SAML Schema Authentication Context MobileTwoFactor-unreg
A.11 SAML Schema Authentication Context NomadTelephony
A.12 SAML Schema Authentication Context PersonalizedTelephony
A.13 SAML Schema Authentication Context PGP
A.14 SAML Schema Authentication Context PPT
A.15 SAML Schema Authentication Context Password
A.16 SAML Schema Authentication Context PreviousSession
A.17 SAML Schema Authentication Context Smartcard
A.18 SAML Schema Authentication Context SmartcardPKI
A.19 SAML Schema Authentication Context SoftwarePKI
A.20 SAML Schema Authentication Context SPKI
A.21 SAML Schema Authentication Context SRP
A.22 SAML Schema Authentication Context Telephony
A.23 SAML Schema Authentication Context TimeSync
A.24 SAML Schema Authentication Context types
A.25 SAML Schema Authentication Context X.509
A.26 SAML Schema Authentication Context XMLDSig
A.27 SAML Schema ECP
A.28 SAML Schema metadata
A.29 SAML Schema protocol
A.30 SAML Schema X.500
A.31 SAML Schema XACML
Appendix I – Security and privacy considerations
I.1 Privacy
I.2 Confidentiality
I.3 Pseudonymity and anonymity
I.4 Security
I.5 Security techniques
I.6 General SAML security considerations
I.7 SAML bindings security considerations
Appendix II – Registration of MIME media type application/samlassertion+xml
Appendix III – Registration of MIME media type application/samlmetadata+xml
Appendix IV – Use of SSL
Appendix V – SAML Schema Authentication Context
Appendix VI – Authentication Context types XML Schema
Appendix VII – SAML DCE PAC attribute profile
VII.1 DCE PAC attribute profile
VII.2 SAML schema dce
VII.3 Example
Appendix VIII – OASIS clarifications of SAML
VIII.1 Potential errata: PE14
VIII.2 Potential errata: PE26
BIBLIOGRAPHY