Standards and Specifications
GridShib is based on X.509 and SAML standards:
- X.509
- SAML
- Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1 (SAMLCore)
- SAML Request-Response Protocol
- how to formulate a SAML attribute query
- how to validate a SAML Response
- SAML Assertions
- how to validate a SAML Assertion
- SAML Request-Response Protocol
- Bindings and Profiles for the OASIS Security Assertion Markup Language (SAML) V1.1 (SAMLBind)
- SOAP Binding for SAML
- how to bind a SAML request-response message to a SOAP request-response message
- SOAP Binding for SAML
- Shibboleth Architecture: Protocols and Profiles (ShibProt)
- Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V1.1 (SAMLCore)
Leveraged standards and specifications:
- X.509 SAML Subject Profile
- a subprofile of SAML V1.1 Profiles for X.509 Subjects
- how to formulate a SAML Subject having Format X509SubjectName
- SAML Assertion Profile for X.509 Subjects
- a subprofile of SAML V1.1 Profiles for X.509 Subjects
- specifies use of X.509 SAML Subject Profile
- implemented by
ShibbolethAuthenticationAuthorityTool
- implemented by
ShibbolethAttributeAuthorityTool
- SAML Attribute Query Profile for X.509 Subjects
- a subprofile of SAML V1.1 Profiles for X.509 Subjects
- specifies use of SAML Request-Response Protocol
- specifies use of SOAP Binding for SAML
- specifies use of SAML Assertion Profile for X.509 Subjects
- implemented by
ShibbolethAttributeQueryPIP
- implemented by
ShibbolethAttributeQueryTool
- SAML Attribute Self-Query Profile for X.509 Subjects
- a subprofile of SAML V1.1 Profiles for X.509 Subjects
- extends SAML Attribute Query Profile for X.509 Subjects
- implemented by
ShibbolethAttributeQueryTool
- X.509 Binding for SAML
- how to bind a SAML assertion to an X.509 certificate
- implemented by
SAMLX509BindingTool
- X.509 Attribute-based Authorization Profile for SAML
- specifies use of X.509 Binding for SAML
- specifies use of SAML Assertion Profile for X.509 Subjects
- implemented by
SAMLX509AttributeBasedAuthzPIP
- X.509 Authorization Decision Profile for SAML
- specifies use of X.509 Binding for SAML
- specifies use of SAML Assertion Profile for X.509 Subjects
- implemented by
SAMLX509AuthzDecisionPIP
Other relevant standards and specifications:
- Metadata Profile for the OASIS Security Assertion Markup Language (SAML) V1.x
- Metadata Extension for SAML V2.0 and V1.x Query Requesters