Listing 2. SAML Authentication Request
<samlp:AuthnQuery
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="AuthnQuery1">
  <!-- Principal whose authentication is being queried -->
  <saml:Subject
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:NameID>Umme</saml:NameID>
  </saml:Subject>
  <!-- Authentication context class the requester asks for -->
  <samlp:RequestedAuthnContext>
    <saml:AuthnContextClassRef
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnQuery>
Listing 3. SAML Authentication Response
<!-- InResponseTo carries the ID of the request being answered -->
<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    InResponseTo="AuthnQuery1">
  <samlp:Status>
    <samlp:StatusCode
        Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:Subject>
      <saml:NameID>Umme</saml:NameID>
    </saml:Subject>
    <!-- How the subject was authenticated -->
    <saml:AuthnStatement>
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>
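The checks a relying party would run on the response in Listing 3 before trusting it, written here as an added example that is not part of the original text. The names check_response and pending_ids are hypothetical, the sample message is constructed from the listing, and signature verification is assumed to have happened before this step.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed sample modelled on Listing 3 (not captured traffic).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" InResponseTo="AuthnQuery1">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion>
    <saml:Subject><saml:NameID>Umme</saml:NameID></saml:Subject>
    <saml:AuthnStatement><saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext></saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, pending_ids, subject, required_class):
    """Hypothetical helper: return a list of problems, empty if all checks pass."""
    root = ET.fromstring(xml_text)
    problems = []
    # 1. Correlation: the response must answer a request we actually sent.
    if root.get("InResponseTo") not in pending_ids:
        problems.append("unsolicited or mismatched InResponseTo")
    # 2. Status must be Success; a missing StatusCode counts as failure.
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    # 3. Exactly one assertion; an ambiguous response is rejected outright.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        problems.append("expected exactly one Assertion")
        return problems
    a = assertions[0]
    # 4. The subject must be the principal named in the request.
    name = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if name != subject:
        problems.append("subject mismatch")
    # 5. The authentication context must be the class that was requested.
    ref = a.findtext("saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef",
                     default="", namespaces=NS).strip()
    if ref != required_class:
        problems.append("authentication context mismatch")
    return problems
```

After a response passes, the caller should remove its ID from pending_ids so the same response cannot be accepted twice.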
6. Access Right Delegation (ARD): This module deals with the delegation of access rights among the subscribers of local as well as different but trusted Cloud domains. Considering an E-Healthcare system as a case study, the proposed system dynamically generates new access control policies by gathering the information related to subject (DoctorA), resource (Patient's health record), action (view) and environment (condition, such as date/time/IP) and passing it to the PAP for policy generation. A sample XACML-based policy that allows Doctor A to view Patient B's record if he is accessing the resource through IP 192.168.0.1 is presented in Listing 4.