Monday, 31 March 2008
Dynamic SAML Article in IEEE Security & Privacy
The IEEE Security and Privacy magazine just published an article I co-wrote with Nate Klingenstein and Leif Johansson on Dynamic SAML and how it can be used to simplify SAML deployments. Nate and Leif are two extremely knowledgeable federation and security experts who hail from the Shibboleth community. You can read the article online without a subscription here.
It was both interesting and enlightening to work with Nate and Leif on this article as they brought an alternate perspective from the Shibboleth world as to why Dynamic SAML will be beneficial to Shibboleth federation communities. The article became an intersection of our combined ideas on how automating the exchange of SAML configuration information (meta-data) can lead to simpler SAML deployments.
Dynamic SAML is also the foundation of our Auto-Connect capability in PingFederate 5.0. Auto-Connect includes some additional optimizations that we felt would further simplify SAML deployments. One example of this is the requirement to use the simpler front-channel Browser POST and Redirect bindings. Nate, Leif and I discussed the merits of including this and other Auto-Connect optimizations in Dynamic SAML, but decided to leave them out and treat them as deployment best practices and conventions. During this exchange, one of my favorite quotes came from Nate who succinctly said - "I think back channel's dead". Sort of sums up my view of the SAML Artifact binding.
