Difference between revisions of "SAML"

Revision as of 16:30, 17 June 2024

Security Assertion Markup Language is a collection of standards used in Identifier Management

There are two terms that SAML defined that defy logical analysis but have propagated misunderstanding to this day.

Identity - the use in SAML lead to a conflation of the idea of a digital Identifier with a person's identity which it is surely is not.
Claim - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with Attribute.

The "Golden SAML" is caused by the creation of an Identifier token that allowed access across multiple applications.^[1]

@@ Line 3: / Line 3: @@
 ==Problems==
-There are two terms that SAML defined that defy logical analysis but have propigated misunderstanding to this day.
+There are two terms that SAML defined that defy logical analysis but have propagated misunderstanding to this day.
-* Identity
+* [[Identity]] - the use in SAML lead to a conflation of the idea of a digital [[Identifier]] with a person's identity which it is surely is not.
-* Claim - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with [[Attribute]].
+* [[Claim]] - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with [[Attribute]].
+==Vulernabilities==
+* The "Golden SAML" is caused by the creation of an [[Identifier]] token that allowed access across multiple applications.<ref>Shaked Reiner, ''Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps'' CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps</ref>
 ==References==