International Journal On Advances in Systems and Measurements, volume 8, numbers 3 and 4, 2015
DAME: On-demand Internet-scale SAML Metadata Exchange
Authors:
Michael Grabatin
Wolfgang Hommel
Stefan Metzger
Daniela Pöhn
Keywords: Federated Identity Management; SAML; Shibboleth; Inter-Federation; Trust-Management
Abstract:
Inter-organizational IT service access based on the Security Assertion Markup Language (SAML), the predominant standard for Federated Identity Management (FIM), suffers from metadata scalability issues when Identity Providers (IDPs) and Service Providers (SPs) from different federations are involved. This article presents Dynamic Automated Metadata Exchange (DAME) for SAML-based FIM and its open source implementation, GÉANT-TrustBroker, which is currently in preparation for pilot operations within the pan-European research and education network, GÉANT. Based on the DAME metadata broker architecture and workflows, the concept of Internet-scale dynamic virtual federations is introduced and life-cycle management concepts are discussed; special emphasis is put on the risk management aspects of GÉANT-TrustBroker.
Pages: 156 to 167
Copyright: Copyright (c) to authors, 2015. Used with permission.
Publication date: December 30, 2015
Published in: journal
ISSN: 1942-261x