Sometimes It’s Better to Be STUCK! SAML Transportation Unit for Cryptographic Keys

  • Christopher Meyer
  • Florian Feldmann
  • Jörg Schwenk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7839)


Over the last decade the Security Assertion Markup Language (SAML) framework has evolved into a versatile standard for exchanging security statements about subjects. Most notably, SAML facilitates the authentication of users, and is thus deployed in both Web service (SOAP, WS-Security) and REST-based (SAML SSO web browser profile, SAML Bearer token in OAuth) services.

This paper recommends an extension to the SAML framework which provides an easy way to transport cryptographic key material bound to assertions issued by particular subjects. The proposal fits into existing solutions and is fully compliant with the Security Assertion Markup Language, XML Digital Signature and XML Encryption standards.


Keywords: SAML, XML, Key Transportation, Key Distribution, SAML Extension





Copyright information: © Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Christopher Meyer, Florian Feldmann, Jörg Schwenk: Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany
