
Possible Interoperability Use Cases on SAML / Liberty Standpoint

Created for the 3rd Liberty Alliance Technical Seminar session "Panel: Exploring the potential for interoperability among identity management standards (SAML/Liberty, OpenID, CardSpace)".


Tatsuo Kudo

July 18, 2008

Transcript

  1. 3rd Liberty Alliance Technical Seminar: Possible Interoperability from a SAML / Liberty Standpoint

    Tatsuo Kudo, http://blogs.sun.com/tkudo, Sun Microsystems K.K., Software Business Division, Identity Management Business. July 18, 2008
  2. Copyright © 2008 Sun Microsystems K.K. The traditional role of enterprise identity management systems

    [Diagram labels: Applications; Identity provisioning; Role lifecycle management; Directory services; Access management / SSO / federation; Identity management system; Users]
  3. The traditional role of enterprise identity management systems

    [Diagram as on slide 2]
  4. The traditional role of enterprise identity management systems

    [Diagram as on slide 2, with the added label "Proprietary integration …"]
  5. Integrating with external services and bringing in external users

    [Diagram labels: Applications; Identity provisioning; Role lifecycle management; Directory services; Access management / SSO / federation; Identity management system; Users]
  6. Integrating with external services and bringing in external users

    [Diagram as on slide 5, with added labels: Services; Use of external services]
  7. Integrating with external services and bringing in external users

    [Diagram as on slide 5, with added labels: Partners; Services; Use of external services; Providing services to external users]
  8. Identity frameworks inevitably coexist

    [Diagram labels: Applications; Identity provisioning; Role lifecycle management; Directory services; Access management / SSO / federation; Identity management system; Users; Partners; Services; SAML 2.0; SAML 1.1; OpenID; WS-Federation; InfoCard; Liberty ID-WSF]
  9. Identity frameworks inevitably coexist

    [Diagram as on slide 8] Interoperability between the frameworks is required.
  10. Integrating InfoCard authentication with SAML / WS-Federation SSO

    http://projectconcordia.org/index.php/Infocard_Authentication_Scenario_Details [Diagram labels: Relying Party / Service Provider; Identity Provider; Browser; Identity Selector; User; SAML2 / WS-Federation; InfoCard; Relying Party (RP); Identity Provider (IdP)] Preserving authentication context information.
  11. Integrating InfoCard authentication with SAML SSO

    Step 1: Access the service provider. [Diagram labels: Service Provider (SP); Identity Provider (IdP); Relying Party (RP); Identity Provider (IdP); Browser; Identity Selector; User; SAML2; InfoCard; step marker 1]
  12. Integrating InfoCard authentication with SAML SSO

    Step 2: Redirect to the SAML IdP. [Diagram as on slide 11, step marker 2]
  13. Integrating InfoCard authentication with SAML SSO

    Step 2: Redirect to the SAML IdP. [Diagram as on slide 11, step marker 2]

        <samlp:AuthnRequest>
          <samlp:RequestedAuthnContext Comparison="exact">
            <saml:AuthnContextClassRef>
              http://projectconcordia.org/rsainterop/authnmech/managed/x509 (*)
            </saml:AuthnContextClassRef>
          </samlp:RequestedAuthnContext>
        </samlp:AuthnRequest>

    (*) Requires a managed card and X.509 certificate authentication.
  14. Integrating InfoCard authentication with SAML SSO

    Step 3: Launch the identity selector. [Diagram as on slide 11, step marker 3]
  15. Integrating InfoCard authentication with SAML SSO

    Step 3: Launch the identity selector. [Diagram as on slide 11, step marker 3]

        <OBJECT type="application/x-informationCard" name="xmlToken">
          <PARAM Name="RequiredClaims"
                 value="http://projectconcordia.org/rsainterop/authnmech/managed/x509
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"/>
        </OBJECT>
  16. Integrating InfoCard authentication with SAML SSO

    Step 4: Select a card that satisfies the requirements and request a security token. [Diagram as on slide 11]
  17. Integrating InfoCard authentication with SAML SSO

    Step 4: Select a card that satisfies the requirements and request a security token. [Diagram as on slide 11, step marker 4]
  18. Integrating InfoCard authentication with SAML SSO

    Step 4: Select a card that satisfies the requirements and request a security token. [Diagram as on slide 11, step marker 4]

        <wst:RequestSecurityToken> ... </wst:RequestSecurityToken>
  19. Integrating InfoCard authentication with SAML SSO

    Step 5: Authenticate the user with the authentication context that was originally requested. [Diagram as on slide 11, step marker 5]
  20. Integrating InfoCard authentication with SAML SSO

    Step 5: Authenticate the user with the authentication context that was originally requested. [Diagram as on slide 11, step marker 5] The user presents an X.509 certificate.
  21. Integrating InfoCard authentication with SAML SSO

    Step 6: Issue the security token. [Diagram as on slide 11, step marker 6]
  22. Integrating InfoCard authentication with SAML SSO

    Step 6: Issue the security token. [Diagram as on slide 11, step marker 6]

        <wst:RequestSecurityTokenResponse>
          <saml:Assertion ID="foo">
            <saml:Subject/>
            <saml:Conditions>
              <saml:AudienceRestriction>
                <saml:Audience>http://www.inforcardrp.com</saml:Audience>
              </saml:AudienceRestriction>
            </saml:Conditions>
            <saml:AuthnStatement>
              <saml:AuthnContext>
                <saml:AuthnContextClassRef>
                  http://projectconcordia.org/rsainterop/authnmech/managed/x509
                </saml:AuthnContextClassRef>
              </saml:AuthnContext>
            </saml:AuthnStatement>
            <saml:AttributeStatement>
              <!-- this duplicates authn context above -->
              <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                              Name="http://projectconcordia.org/rsainterop/authnmech/managed/x509">
                <saml:AttributeValue>
                  http://projectconcordia.org/rsainterop/authnmech/managed/x509
                </saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
                              Name="givenname">
                <saml:AttributeValue>John</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
                              Name="surname">
                <saml:AttributeValue>Doe</saml:AttributeValue>
              </saml:Attribute>
            </saml:AttributeStatement>
          </saml:Assertion>
        </wst:RequestSecurityTokenResponse>
  23. Integrating InfoCard authentication with SAML SSO

    Step 7: Forward the security token. [Diagram as on slide 11, step marker 7]
  24. Integrating InfoCard authentication with SAML SSO

    Step 7: Forward the security token. [Diagram as on slide 11, step marker 7; the forwarded token is the RequestSecurityTokenResponse shown on slide 22, with assertion ID "foo" and audience http://www.inforcardrp.com]
  25. Integrating InfoCard authentication with SAML SSO

    Step 8: Issue the assertion. [Diagram as on slide 11, step marker 8]
  26. Integrating InfoCard authentication with SAML SSO

    Step 8: Issue the assertion. [Diagram as on slide 11, step marker 8]

        <samlp:Response>
          <saml:Assertion ID="bar">
            <saml:Subject/>
            <saml:Conditions>
              <saml:AudienceRestriction>
                <saml:Audience>http://www.samlrp.com</saml:Audience>
              </saml:AudienceRestriction>
            </saml:Conditions>
            <saml:AuthnStatement>
              <saml:AuthnContext>
                <saml:AuthnContextClassRef>
                  http://projectconcordia.org/rsainterop/authnmech/managed/x509
                </saml:AuthnContextClassRef>
              </saml:AuthnContext>
            </saml:AuthnStatement>
            <saml:AttributeStatement>
              <!-- this duplicates authn context above -->
              <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                              Name="http://projectconcordia.org/rsainterop/authnmech/managed/x509">
                <saml:AttributeValue>
                  http://projectconcordia.org/rsainterop/authnmech/managed/x509
                </saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
                              Name="givenname">
                <saml:AttributeValue>John</saml:AttributeValue>
              </saml:Attribute>
              <saml:Attribute NameFormat="http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
                              Name="surname">
                <saml:AttributeValue>Doe</saml:AttributeValue>
              </saml:Attribute>
            </saml:AttributeStatement>
          </saml:Assertion>
        </samlp:Response>
  27. Integrating InfoCard authentication with SAML SSO

    Step 9: Grant access to the service. [Diagram as on slide 11, step marker 9]
  28. Integrating InfoCard authentication with SAML SSO

    Step 9: Grant access to the service. [Diagram as on slide 11, step marker 9] "Hello, John!"
  29. Chaining SAML 2 SSO and WS-Federation SSO

    http://projectconcordia.org/index.php/Inter-Federation_Scenario_Details
    • Use a SAML2 IdP for access to a WS-Fed RP
    • Use a WS-Fed IdP for access to a SAML2 IdP
  30. Integrating OpenID with Liberty ID-WSF

    http://iiw.idcommons.net/index.php/OpenID_Bootstrapping_ID-WSF_2.0 [Diagram labels: OpenID provider; Personal information management service; Web authentication service; ID-WSF Personal Profile Service; Profile information; OpenID relying party; Web service client; Web service client] Access the personal information management service.
  31. Integrating OpenID with Liberty ID-WSF

    http://iiw.idcommons.net/index.php/OpenID_Bootstrapping_ID-WSF_2.0 [Diagram as on slide 30] Login.
  32. Integrating OpenID with Liberty ID-WSF

    http://iiw.idcommons.net/index.php/OpenID_Bootstrapping_ID-WSF_2.0 [Diagram as on slide 30] The endpoint reference to the profile service is provided through Attribute Exchange.
  33. Integrating OpenID with Liberty ID-WSF

    http://iiw.idcommons.net/index.php/OpenID_Bootstrapping_ID-WSF_2.0 [Diagram as on slide 30] Using the endpoint reference, access the profile information management service.
  34. Integrating OpenID with Liberty ID-WSF

    http://iiw.idcommons.net/index.php/OpenID_Bootstrapping_ID-WSF_2.0 [Diagram labels: OpenID provider; OpenID relying party; Telephone company; Personal information management service; Web authentication service; Miniblog; ID-WSF Personal Profile Service; Profile information; OpenID relying party (twice more); Web service client (three times); Login]
    • Retrieve the face photo
    • Change the address or face photo
    • Receive a notification when the address information changes
    • At OpenID login, RED-ID provides the endpoint reference to the profile service through Attribute Exchange
    • At OpenID login, RED-ID provides the face photo retrieved from the profile through Attribute Exchange
  35. 3rd Liberty Alliance Technical Seminar: Possible Interoperability Use Cases on SAML / Liberty Standpoint

    Tatsuo Kudo, http://blogs.sun.com/tkudo, Identity Management Business Development, Software Practice, Sun Microsystems K.K. July 18, 2008
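
The check the SAML service provider makes at the end of the InfoCard/SAML flow on slides 11 to 28, as an added Python example that is not from the deck or from Project Concordia: the assertion must be addressed to this SP (the InfoCard token from slide 22, whose audience is the InfoCard relying party, must not pass) and must carry exactly the authentication context requested with `Comparison="exact"`. The namespace declarations, the helper names and the password class reference used for the negative case are assumptions added here; `AuthnContextClassRef` is placed in the `saml` namespace, as the SAML 2.0 schema defines it.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
XMLNS = f'xmlns:saml="{NS["saml"]}" xmlns:samlp="{NS["samlp"]}"'
X509_CARD = "http://projectconcordia.org/rsainterop/authnmech/managed/x509"
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed AuthnRequest modelled on slide 13 (namespace declarations added).
AUTHN_REQUEST = f"""<samlp:AuthnRequest {XMLNS}>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{X509_CARD}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def make_response(class_ref, audience):
    """Constructed Response modelled on slide 26, reduced to the checked fields."""
    return f"""<samlp:Response {XMLNS}><saml:Assertion ID="bar">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
</saml:Assertion></samlp:Response>"""

def texts(node, path):
    return [(e.text or "").strip() for e in node.iterfind(path, NS)]

def check_response(response_xml, request_xml, sp_entity_id):
    """Return a list of problems; empty means audience and context both match.
    Assumes the signature was already verified and the XML came through a
    hardened parser; neither is shown here."""
    rac = ET.fromstring(request_xml).find("samlp:RequestedAuthnContext", NS)
    if rac.get("Comparison", "exact") != "exact":
        return ["only Comparison=exact is handled here"]
    wanted = texts(rac, "saml:AuthnContextClassRef")
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if assertion is None:
        return ["no assertion in response"]
    problems = []
    if sp_entity_id not in texts(assertion, ".//saml:Audience"):
        problems.append("audience mismatch")
    got = texts(assertion, "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef")
    if not got or any(ref not in wanted for ref in got):
        problems.append("authentication context is not the one requested")
    return problems

if __name__ == "__main__":
    print(check_response(make_response(PASSWORD, "http://www.samlrp.com"), AUTHN_REQUEST, "http://www.samlrp.com"))
```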