Each assertion has a set of data that is common to all assertions. There is the typical bookkeeping data such as the version number of the specification that this particular assertion supports, what namespaces define the originating organization, and what other specifications this assertion uses.
The common portion contains the identity of the security principal of this assertion, called the subject by SAML. The subject can have a domain and a name. There is another aspect of the subject called subject confirmation. This can be used as an alternate way of identifying the subject and/or as a means by which the target can confirm the authentication of the subject of the assertion. For example, a subject could be identified as the holder of the private key associated with the X.509 certificate contained in the subject confirmation. The subject confirmation authentication evidence theoretically could be used by a third party to authenticate the subject. This last point is interesting in that SAML has not yet defined an XML schema for authentication. However, using the subject confirmation for authentication is not the intention, nor would it be in conformance with the specification.
Let's take a look at a fragment of the XML schema that defines the subject and the subject confirmation. Below is the schema fragment from the SAML specification that defines the SubjectType. (The full specification schema may be found at the OASIS Web site at http://www.oasis-open.org/committees/security/docs/cs-sstc-schema-assertion-01.xsd.)
<element name="Subject" type="saml:SubjectType"/>
<complexType name="SubjectType">
  <choice>
    <sequence>
      <element ref="saml:NameIdentifier"/>
      <element ref="saml:SubjectConfirmation" minOccurs="0"/>
    </sequence>
    <element ref="saml:SubjectConfirmation"/>
  </choice>
</complexType>
Copyright © OASIS Open (2001, 2002). All Rights Reserved
The first line in the schema fragment defines an element, which is a basic type in XML, whose name is Subject. The Subject is of type saml:SubjectType. The saml: prefix means that the SubjectType is defined by SAML. The first part of the schema, which hasn't been shown here, defines a number of Uniform Resource Identifiers (URIs). One of them binds the prefix saml; the URI in that definition points to the SAML namespace.
On the second line, we see the beginning of the definition of SubjectType. It is a complexType, which means that it is composed of a number of other definitions. This is in contrast to a simple type that can consist of only one element such as a string or an integer. The third line says that the things that compose the SubjectType are a choice of, in this case, two elements. The first choice is a sequence of a NameIdentifier followed by a SubjectConfirmation.
The ref= that precedes the NameIdentifier and the SubjectConfirmation means that these elements are defined elsewhere in the schema. You will notice that the SubjectConfirmation is followed by a minOccurs="0". This means that the SubjectConfirmation is optional. There is also a term maxOccurs that tells how many times the element can occur. The default value of both minOccurs and maxOccurs is 1.
The second choice for SubjectType is to identify the Subject only by the SubjectConfirmation.
The definition of the NameIdentifier is:
<element name="NameIdentifier" type="saml:NameIdentifierType"/>
<complexType name="NameIdentifierType">
  <simpleContent>
    <extension base="string">
      <attribute name="NameQualifier" type="string" use="optional"/>
      <attribute name="Format" type="anyURI" use="optional"/>
    </extension>
  </simpleContent>
</complexType>
Copyright © OASIS Open (2001, 2002). All Rights Reserved
We can see that the Subject name in SAML is made up of the name itself, which is a simple string, and two optional attributes, NameQualifier and Format, which are both strings. The syntax of an attribute is a little different from that of an element. It must be a simple type. Also, note that an attribute is made optional with use="optional", rather than with minOccurs="0" as with elements. By default an attribute is required. The name itself is a little tricky when looking at the schema in that it doesn't appear to be there. However, it is the value of the element NameIdentifier and is a string.
That should give you a good idea of how to read a schema. There are other constructs that we will explain as we come across them. In addition, there are some obtuse schema constructs that schema lawyers can argue about, but the casual reader can ignore.
The schema for the SubjectConfirmation has a few more terms, but you should be able to get the meaning. It is:
<element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
<complexType name="SubjectConfirmationType">
  <sequence>
    <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
    <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
    <element ref="ds:KeyInfo" minOccurs="0"/>
  </sequence>
</complexType>
<element name="SubjectConfirmationData" type="anyType"/>
<element name="ConfirmationMethod" type="anyURI"/>
Copyright © OASIS Open (2001, 2002). All Rights Reserved
There are a few new terms here. The element KeyInfo is preceded by ds:, where ds refers to the digital signature specification developed by the W3C. KeyInfo contains elements to enable one to retrieve the keys used in conjunction with the specific SAML assertion. For example, the key, if present, would be the one held by the subject of the SAML document. The format of the information may range from an X.509 certificate to the value of the key itself to a means to retrieve the key from some other place.
The SubjectConfirmationData may be a base64-encoded password, or other simple security evidence such as a digest.
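To see how the Subject schema above translates into processing rules, here is a short added example (not code from the book or from OASIS) that reads the Subject of a SAML 1.x assertion with the Python standard library. It enforces the schema's choice (NameIdentifier with an optional SubjectConfirmation, or SubjectConfirmation alone), the optional NameQualifier and Format attributes, the at-least-one rule for ConfirmationMethod, and the optional SubjectConfirmationData and ds:KeyInfo. The assertion documents are constructed for the example; the holder-of-key URI is the confirmation method SAML 1.0 defines, while the Format URI, qualifier, name and key name are placeholders.

```python
# Added example; it is not code from the book or from OASIS. It reads the
# Subject of a SAML 1.x assertion the way the schema fragments above define it,
# using only the Python standard library. The assertion text is constructed here.
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0 assertion namespace
DS = "http://www.w3.org/2000/09/xmldsig#"       # W3C XML Signature namespace
NS = {"saml": SAML, "ds": DS}

# Holder-of-key is one of the confirmation methods SAML 1.0 defines; the
# Format URI, qualifier, name and key name below are constructed placeholders.
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"

# First branch of the schema's <choice>: NameIdentifier plus an optional
# SubjectConfirmation (constructed sample).
WITH_NAME = f"""<saml:Assertion xmlns:saml="{SAML}" xmlns:ds="{DS}">
  <saml:Subject>
    <saml:NameIdentifier NameQualifier="example.test"
                         Format="urn:example:name-format:email">alice@example.test</saml:NameIdentifier>
    <saml:SubjectConfirmation>
      <saml:ConfirmationMethod>{HOLDER_OF_KEY}</saml:ConfirmationMethod>
      <ds:KeyInfo><ds:KeyName>alice-signing-key</ds:KeyName></ds:KeyInfo>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""

# Second branch: the subject is identified only by its SubjectConfirmation
# (constructed sample; the method URI and the base64 data are placeholders).
CONFIRMATION_ONLY = f"""<saml:Assertion xmlns:saml="{SAML}">
  <saml:Subject>
    <saml:SubjectConfirmation>
      <saml:ConfirmationMethod>urn:example:cm:password</saml:ConfirmationMethod>
      <saml:SubjectConfirmationData>c2VjcmV0</saml:SubjectConfirmationData>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""

# Neither branch: an empty Subject, which the schema does not allow.
EMPTY_SUBJECT = f'<saml:Assertion xmlns:saml="{SAML}"><saml:Subject/></saml:Assertion>'


def read_subject(assertion_xml):
    """Return the Subject's parts as a dict, rejecting shapes the schema forbids."""
    root = ET.fromstring(assertion_xml)
    subject = root.find("saml:Subject", NS)
    if subject is None:
        raise ValueError("assertion has no Subject")
    name_id = subject.find("saml:NameIdentifier", NS)
    confirmation = subject.find("saml:SubjectConfirmation", NS)
    # The <choice> allows NameIdentifier (with optional SubjectConfirmation) or
    # SubjectConfirmation alone; a Subject with neither is invalid.
    if name_id is None and confirmation is None:
        raise ValueError("Subject needs a NameIdentifier or a SubjectConfirmation")
    info = {"name": None, "name_qualifier": None, "format": None,
            "confirmation_methods": [], "confirmation_data": None, "key_name": None}
    if name_id is not None:
        # The name is the element's own text; both attributes are use="optional".
        info["name"] = (name_id.text or "").strip()
        info["name_qualifier"] = name_id.get("NameQualifier")
        info["format"] = name_id.get("Format")
    if confirmation is not None:
        # ConfirmationMethod has maxOccurs="unbounded" and the default
        # minOccurs of 1, so at least one must be present.
        methods = [(m.text or "").strip()
                   for m in confirmation.findall("saml:ConfirmationMethod", NS)]
        if not methods:
            raise ValueError("SubjectConfirmation needs a ConfirmationMethod")
        info["confirmation_methods"] = methods
        data = confirmation.find("saml:SubjectConfirmationData", NS)
        if data is not None:
            info["confirmation_data"] = (data.text or "").strip()
        key_name = confirmation.find("ds:KeyInfo/ds:KeyName", NS)
        if key_name is not None:
            info["key_name"] = (key_name.text or "").strip()
    return info


if __name__ == "__main__":
    for label, doc in [("with name", WITH_NAME), ("confirmation only", CONFIRMATION_ONLY)]:
        print(label, read_subject(doc))
    try:
        read_subject(EMPTY_SUBJECT)
    except ValueError as err:
        print("empty subject rejected:", err)
```

A real relying party would run the assertion through a validating schema processor before any of this, but the checks above are exactly the ones the choice, sequence, minOccurs and maxOccurs terms express, which is why a hand-written reader has to repeat them.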
The common portion of an assertion also requires that the issuer of the assertion and the date/time that the assertion was issued be included. An assertion may also be digitally signed, in which case the digital signature is specified by the digital signature specification. There is also an optional element, called Conditions, that, if included in the assertion, must be understood by the target. If the elements of the condition are not valid, the assertion must be rejected. If any subelements of the condition cannot be evaluated, the assertion is said to be indeterminate. At present, the Conditions element contains the time for which the assertion is valid, the audience to which the assertion is directed, and the target restrictions. More conditions may be added in the future since the Conditions element can be expanded.
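The three outcomes described for the Conditions element (valid, rejected, indeterminate) are easy to get wrong in a hand-written relying party, so here is an added example (not code from the book or from OASIS) that evaluates them. The NotBefore and NotOnOrAfter attributes and the AudienceRestrictionCondition/Audience elements are the SAML 1.0 names for the validity window and the audience; the timestamps, the audience URI and the ext:GeoFenceCondition extension element used to trigger the indeterminate case are constructed for the example.

```python
# Added example; it is not code from the book or from OASIS. It evaluates the
# Conditions element of a SAML 1.x assertion and returns the three outcomes the
# text describes: valid, invalid (the assertion must be rejected) and
# indeterminate (a condition the relying party cannot evaluate).
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0 assertion namespace
NS = {"saml": SAML}


# NotBefore, NotOnOrAfter and AudienceRestrictionCondition/Audience are the
# SAML 1.0 names; the timestamps, audience and "ext" element are constructed.
def make_assertion(not_before, not_on_or_after, audience, extra=""):
    return f"""<saml:Assertion xmlns:saml="{SAML}" xmlns:ext="urn:example:ext">
  <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestrictionCondition>{extra}
  </saml:Conditions>
</saml:Assertion>"""


# Condition types this relying party knows how to evaluate.
KNOWN_CONDITIONS = {f"{{{SAML}}}AudienceRestrictionCondition"}


def parse_utc(stamp):
    """xsd:dateTime in the 'YYYY-MM-DDTHH:MM:SSZ' form, as a timezone-aware datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate_conditions(assertion_xml, now, my_audience):
    """Return 'valid', 'invalid' or 'indeterminate' for the assertion's Conditions."""
    root = ET.fromstring(assertion_xml)
    conditions = root.find("saml:Conditions", NS)
    if conditions is None:
        return "valid"  # Conditions is optional; nothing to evaluate
    outcomes = []
    # Validity window: NotBefore is inclusive, NotOnOrAfter is exclusive.
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now < parse_utc(not_before):
        outcomes.append("invalid")
    if not_on_or_after and now >= parse_utc(not_on_or_after):
        outcomes.append("invalid")
    for condition in conditions:
        if condition.tag not in KNOWN_CONDITIONS:
            # A subelement we cannot evaluate: the result is at best indeterminate.
            outcomes.append("indeterminate")
            continue
        audiences = [(a.text or "").strip() for a in condition.findall("saml:Audience", NS)]
        outcomes.append("valid" if my_audience in audiences else "invalid")
    # One invalid condition rejects the assertion; otherwise one condition we
    # could not evaluate makes the whole result indeterminate.
    if "invalid" in outcomes:
        return "invalid"
    if "indeterminate" in outcomes:
        return "indeterminate"
    return "valid"


if __name__ == "__main__":
    now = parse_utc("2024-01-01T12:00:00Z")
    good = make_assertion("2024-01-01T11:55:00Z", "2024-01-01T12:05:00Z",
                          "https://sp.example.test/")
    print(evaluate_conditions(good, now, "https://sp.example.test/"))     # valid
    print(evaluate_conditions(good, now, "https://other.example.test/"))  # invalid
    unknown = make_assertion("2024-01-01T11:55:00Z", "2024-01-01T12:05:00Z",
                             "https://sp.example.test/", "<ext:GeoFenceCondition/>")
    print(evaluate_conditions(unknown, now, "https://sp.example.test/"))  # indeterminate
```

The point to notice is that an unknown condition never degrades to "valid": a relying party that silently skipped subelements it did not recognise would accept assertions whose issuer meant to restrict them.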
The final element in the common portion of an assertion is an element called Advice. The Advice element may contain assertions or IDs for assertions, or any type of information that the creator of the assertion wants to include. It allows nonstandard information to be inserted into the assertion. There is no requirement that a receiving party understand information in the Advice element. Therefore, information in the Advice element may be ignored.
We will now move on through the assertion description and explain the statement portion of an XML assertion.