AssertionServer

The AssertionServer is an open source library providing lightweight identity management functions based on the SAML standard.

Background: Identity management systems are used to manage and provide security-relevant attributes about users and resources. Such attributes are used in modern access control systems, such as XACML, both in the description and during the evaluation of access control policies. When such an attribute is used, the access control system has to verify the correctness of the attribute values. In a distributed system most attributes are external to the access control system, so a secure service is needed that manages and provides these attributes.

Example:

Example use of AssertionServer

Our AssertionServer allows users to create, update, delete, and query attributes. Attributes can be retrieved in the form of SAML assertions. All functions of the assertion server can be protected by pluggable authentication and authorization modules. Example modules for password-based authentication and XACML authorization are provided.

Caveat emptor: This assertion server is provided as is; it is not intended as a commercial tool and has not been extensively tested. Documentation is rudimentary (but present).

Technical: AssertionServer is implemented in Java 6. It uses the Log4j library for logging; MySQL and the MySQL JDBC driver are used in the example database connector. The example XACML authorization module uses SunXACML.

AssertionServer uses our own SAML attribute assertion library that can be used to create, read and verify SAML attribute assertions.

We also provide an Android version of this library. This library requires Apache Santuario for XML digital signatures.

Related links:

Download:

License: The SICS AssertionServer is available under the BSD license. You can check the text of the license here

Feedback: We are happy to receive your comments and contributions, please send them to:

ludwig [at] sics.se

Note: A previous version of the AssertionServer, provided by the Security Policy and Trust laboratory, existed. The present version differs radically from the old one (we think it's much improved).

Copyright 2011 Swedish Institute of Computer Science. All rights reserved. Use is subject to license terms.