
Part 2 - Constraints on OASIS SAML v2.0 for New Zealand Government Deployments as NZ SAMS

Part II contains complex technical material suitable for enterprise architects, security analysts and developers.

Readers of Part II should be aware that NZ SAMS is a constrained deployment profile of the SAML v2.0 standard first published by OASIS in March 2005. There is no intention, nor requirement, to rewrite or redevelop OASIS SAML v2.0. OASIS SAML v2.0 remains the “source” for all implementers of SAML in the New Zealand Government. To support this notion, NZ SAMS simply constrains deployments to a single implementation approach from the various options offered by OASIS SAML v2.0. This constraint is in the interests of all-of-government interoperability within New Zealand.

The OASIS SAML v2.0 Specifications are published at http://www.oasis-open.org/.

The following Specifications are prescribed by NZ SAMS in this release:

  • Conformance Requirements for SAML v2.0
  • Metadata for SAML v2.0
  • Profiles for SAML v2.0
  • Bindings for SAML v2.0
  • Assertions and Protocols for SAML v2.0 (often referred to as “Core”).

The order of the specifications prescribed in sections 8 to 12 is worth noting. The constraint of the Conformance and Metadata specifications creates the interoperability foundation for all New Zealand government implementations. The selected constraints from the SAML Profiles, Bindings, Assertions and Protocols (Core) reflect the usage patterns described in the agency use cases presented to the working group preparing NZ SAMS.

Implementers are strongly advised to familiarise themselves with the OASIS SAML v2.0 Specifications on the OASIS website link above, including the Auxiliary and Outreach Information, before continuing to read this Standard.

A particular auxiliary document worth noting is the Errata document. It contains important corrections and clarifying text to the published SAML v2.0 Specifications. While the errata document is not yet a normative part of the formal SAML v2.0 OASIS Standard, the information in it provides insight into what the Security Services (SAML) Technical Committee “meant” in certain areas of the Standard.

The constraint of OASIS SAML v2.0 into NZ SAMS is prescribed line-by-line from the original OASIS SAML v2.0 Specification. Readers are advised to have both the OASIS SAML v2.0 Specification and the NZ SAMS Standard open and accessible. Readers then work through the documents line by line, noting where NZ SAMS constrains the deployment from the options provided by OASIS SAML v2.0.
