SAML2.0 in a Nutshell


SAML is an XML-based framework for marshaling security and identity information and exchanging it across domain boundaries.

SAML’s Core : assertions about subjects

Assertions contain statements : authentication, attribute, entitlement or roll-your-own

SAML Use Cases

  1. SSO
  2. Identity Federation
  3. Attribute Services
  4. Single logout
  5. Securing Web Services messages

Terms and concepts :

  • Entity : An active element of a computer/network system
  • Principal : An entity whose identity can be authenticated
  • Subject : A principal in the context of a security domain
  • Identity : One’s characteristics, traits and preferences
  • Identifier : A data object that uniquely refers to a particular entity
  • Federated Identity : Existence of an agreement between providers on a set of identifiers to use to refer to a principal
  • Asserting Party (SAML Authority) : An entity that produces SAML assertions
  • Identity Provider: An entity that creates, maintains, and manages identity info for principals and provides principal authentication to other service providers.
  • Relying Party : An entity that decides to take an action based on information from another system entity.
  • Service Provider : An entity that provides services to principals or other entities.

SAML Assertions :

An assertion is a declaration of fact, according to someone. SAML assertions contain one or more statements about a subject :

  • Authentication statement : “Joe authenticated with a password at 9.00 am”
  • Attribute statement : “Joe is manager with a $500 spending limit”
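
The two statements quoted above, written as a SAML 2.0 assertion and read back the way a relying party would. This is an added example, not part of the original notes; the issuer, subject, attribute names and the function read_statements are constructed for illustration, and the sample is unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, illustration only).
ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2013-12-04T09:00:05Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID>joe@example.org</saml:NameID>
  </saml:Subject>
  <saml:AuthnStatement AuthnInstant="2013-12-04T09:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>manager</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="spendingLimit"><saml:AttributeValue>500</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_statements(xml_text):
    """Return the subject plus what each statement in the assertion claims."""
    # A real relying party verifies the issuer's signature and the validity
    # conditions before trusting any of these values; this only reads them.
    root = ET.fromstring(xml_text)
    authn = root.find("saml:AuthnStatement", NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "authn_instant": authn.get("AuthnInstant"),  # when Joe authenticated
        "authn_method": authn.findtext("saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS),
        "attributes": attrs,  # what the asserting party says about Joe
    }

if __name__ == "__main__":
    print(read_statements(ASSERTION))
```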



Protocols :

  1. Assertion request
  2. Authentication request
  3. Artifact resolution
  4. Name identifier management
  5. Name identifier mapping
  6. Single logout

Artifacts :

  • A small fixed size structured data object pointing to a typically larger, variably sized SAML protocol message.
  • Designed to be embedded in URLs and conveyed in HTTP messages
  • Allows for “pulling” SAML messages rather than having to push them
  • SAML defines one artifact format but you can roll your own
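
The artifact format that SAML 2.0 itself defines (type code 0x0004), built and parsed in Python. This is an added example, not part of the original notes; the entity IDs and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import os
import struct

TYPE_CODE_0004 = 0x0004  # the one artifact format SAML 2.0 defines
ARTIFACT_LEN = 44        # 2 + 2 + 20 + 20 bytes before base64

def build_artifact(issuer_entity_id, endpoint_index=0, handle=None):
    """TypeCode | EndpointIndex | SourceID | MessageHandle, base64-encoded."""
    # SourceID is defined as the SHA-1 hash of the issuer's entityID; it is an
    # identifier here, not a protection mechanism.
    source_id = hashlib.sha1(issuer_entity_id.encode("utf-8")).digest()
    handle = handle if handle is not None else os.urandom(20)
    raw = struct.pack(">HH", TYPE_CODE_0004, endpoint_index) + source_id + handle
    return base64.b64encode(raw).decode("ascii")

def parse_artifact(artifact_b64, known_issuers):
    """Decode an artifact and map its SourceID back to a trusted issuer."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != ARTIFACT_LEN:
        raise ValueError("artifact must be %d bytes, got %d" % (ARTIFACT_LEN, len(raw)))
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != TYPE_CODE_0004:
        raise ValueError("unsupported artifact type 0x%04x" % type_code)
    source_id, handle = raw[4:24], raw[24:44]
    by_source_id = {hashlib.sha1(e.encode("utf-8")).digest(): e for e in known_issuers}
    issuer = by_source_id.get(source_id)
    if issuer is None:
        raise ValueError("SourceID does not match any trusted issuer")
    return {"issuer": issuer, "endpoint_index": endpoint_index,
            "message_handle": handle.hex()}

if __name__ == "__main__":
    trusted = ["https://idp.example.org"]  # constructed entity ID
    artifact = build_artifact(trusted[0], endpoint_index=1)
    print(artifact, parse_artifact(artifact, trusted))
```

The receiver uses the issuer and endpoint index recovered here to decide where to send the artifact resolution request that pulls the full message.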


Bindings :

  1. SOAP : Basic way for IdPs and SPs to send SAML protocol messages
  2. Reverse SOAP
  3. HTTP redirect : Method to send SAML message by means of HTTP 302
  4. HTTP POST : Method to send SAML message in base64-encoded HTML form control
  5. HTTP Artifact : Way to transport an artifact using HTTP in 2 ways : URL query string and HTML form control
  6. URI : How to retrieve a SAML message by resolving a URI
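
How the same message is encoded under the HTTP redirect and HTTP POST bindings listed above, as an added example that is not part of the original notes. The request, the SSO URL and the function names are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample AuthnRequest.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_r1" Version="2.0" IssueInstant="2013-12-04T09:00:00Z"/>'
)

def encode_redirect(xml_text, sso_url):
    """HTTP redirect binding: raw DEFLATE, then base64, then URL-encoding."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = raw DEFLATE, no zlib header
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    value = base64.b64encode(deflated).decode("ascii")
    return sso_url + "?" + urlencode({"SAMLRequest": value})

def decode_redirect(url, max_size=64 * 1024):
    """Recover the XML from a redirect URL, capping the inflated size."""
    value = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    inflater = zlib.decompressobj(wbits=-15)
    xml_bytes = inflater.decompress(base64.b64decode(value), max_size)
    if not inflater.eof:  # stream did not finish within the cap
        raise ValueError("message truncated or larger than size cap")
    return xml_bytes.decode("utf-8")

def encode_post(xml_text):
    """HTTP POST binding: base64 only; the value goes in a hidden form control."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")

def decode_post(form_value):
    """Recover the XML from the form control value."""
    return base64.b64decode(form_value, validate=True).decode("utf-8")

if __name__ == "__main__":
    url = encode_redirect(AUTHN_REQUEST, "https://idp.example.org/sso")
    print(url)
    print(decode_redirect(url) == decode_post(encode_post(AUTHN_REQUEST)))
```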


Profiles :

  1. Web Browser SSO
  2. Enhanced client and proxy
  3. IdP discovery
  4. Single Logout
  5. Name identifier management
  6. Artifact resolution
  7. Assertion request

4 Key Things to learn

  1. Hire smart people that are passionate and enthusiastic about your vision
  2. Stay focused – there is a tendency to want to do so much but concentrate on what will get you the biggest bang for your buck
  3. Fail fast – be realistic about what is working and what isn’t and walk away from the non-productive initiatives
  4. Keep it simple – in today’s world of sensory overload, whatever you do make sure that someone gets it immediately

And have fun!


Identity and Access Management Links

Identity and Access Management Resource Links

Ping Identity Training Videos

OIM Installer

LDAP Conference 2013 Slides

LDAP Con 2013 Summary

ForgeRock OpenIDM Summit Slides

Things you should know about HTML5

HTML 5 Presentation

5 Things you should know about HTML5

By Identityguru
Dec 04, 2013

1. What is HTML5?

  • HTML5 is a new standard for HTML
  • HTML5 is used for structuring and presenting content for the Web
  • HTML5 documents are also called Web pages
  • HTML5 documents contain HTML tags and plain text
  • With HTML5 you can create your own Web site

2. New features in HTML5

  1. New content-specific elements, like <article>, <footer>, <header>, <nav>, <section>
  2. New form controls, like calendar, date, time, email, url, search
  3. The <video> and <audio> elements for media playback
  4. Full CSS3 Support
  5. The <canvas> element for 2D drawing

3. How to upgrade to HTML5?

  • Change your DOCTYPE:
  • <!DOCTYPE html> And that’s it.
  • Example html5 :

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>Title of the document</title>
    </head>
    <body>
    Content of the document……
    </body>
    </html>



4. What are the HTML5 Rules

  • Reduce the need for external plugins like Flash
  • Better Error Handling
  • More markup to replace scripting like JavaScript
  • HTML5 should be device independent

5. HTML5 Multimedia Video – Bye bye, Flash!

With HTML5, playing video is easier than ever.

    • HTML5 <video> Element


5. HTML5 Multimedia – Audio

With HTML5, playing audio is easier than ever.

    • HTML5 <audio> Element


Thank You!

OMG UML 2 Certification Fundamental

OMG Certified UML Professional (OCUP) – Fundamental :

Test information:

  • Exam Number : OMG – OCUP – 100
  • Duration : 90 minutes (80 questions)
  • Min Passing Score : 46
  • Exam Fee : US $200
  • Prerequisite : None 


Overview of the UML diagrams

UML diagram

  1. Structure diagram
    1. Class diagram
    2. Object diagram
    3. Package diagram
    4. Component diagram               
    5. Composite Structure diagram
    6. Deployment diagram
  2. Behavior diagram
    1. Activity diagram
    2. Use case diagram
    3. State Machine diagram
    4. Interaction diagram
      1. Sequence diagram
      2. Communication diagram
      3. Interaction overview diagram 
      4. Timing diagram 

 Class Diagrams

  • Package : Classes::Kernel
  • Package : Classes::Dependencies
  • Package : Classes::Interfaces

Basic Concepts

  1. The basis of UML is described in the Kernel package of the metamodel.
  2. The UML class model – Element is Superclass (No Notation)
  3. A relationship is an abstract concept to put elements in relation to one another. (No Notation)
  4. Supplier – Element offers something (Set of Source)
  5. Client – Element wants something (Set of Target)
  6. Comment – can be annotated to any UML model element.
  7. Namespaces – is a named element that can contain named elements. (Unique by their names)
  8. Package – A packageable element is a named element that can belong directly to a package
  9. Packageable element – Visibility is mandatory.
  10. Element import – Act of importing an element (Alias allowed)
  11. Package import – Act of importing a package (Alias not allowed)
  12. Notation and Semantics – + public, – private, # protected, ~ package
  13. <<import>> : Visibility is public
  14. <<access>> : Visibility is private
  15. Typed Element – is a named element that can have a type.
  16. Typed Element – e.g attributes & parameters are typed elements
  17. Type – specifies a set of values for a typed element.
  18. Type – e.g simple data types and classes are types.
  19. Both Type and Typed element are abstract classes in the metamodel.
  20. Both Type and Typed element have no properties
  21. Multiplicity element- interval of + integers to specify allowable cardinalities.
  22. Cardinality – is a concrete number of elements in a set.
  23. Notation of Multiplicity is either a single number or a value range.
  24. Multiplicity – eg 0..1 , 1, * , 1..*, 5..3, -1..0, 3+5..7+1
  25. Value Spec – indicates one or several values in a model
  26. Value Spec – eg simple, mathematical expr (4+2) & expr with values (Int::Max_INT)
  27. Value Spec – class model used to create tree type expr -composite pattern
  28. Constraints – is an expr that contains the semantics of an element and it must always be true.
  29. Constraints – can be formal expr (OCL) or a semiformal or human lang formulation.
  30. Constraints – Notation & Semantics – written between curly brackets
  31. Constraints – written directly after a textual element or within a comment symbol.
  32. Constraints – can have names.
  33. Constraints – Syntax – ‘{‘ [<name> ‘:’] < Boolean expression > ‘}’
  34. Constraints – eg radius:int {radius >0}, {Salary:self.salary > assistant.salary},  {xor}
  35. Instance Spec – a concrete instance in the modeled system.
  36. Instance and object are used synonymously
  37. Slot – represents a structure element of an instance spec such as an attr value of an object.
  38. Instance Spec – can be incomplete, don’t have to specify all values of attributes
  39. Classifier – is an abstract base class that classifies the instances with regard to their features.
  40. Classifier – is a namespace and a type, and it can be generalized
  41. Classifier – eg class, component and use case
  42. Classifier – associates a set of features – operations & attributes
  43. Classifier – Notation – rectangle that contains name with name of subclass in guillemets above it.
  44. Classifier – abstract if its desc is incomplete. (no instances can be created)
  45. Classifier – Abstractness is a feature of classifiers
  46. Classifier – Names of abstract classifiers are written in italics GeomFigure {abstract}
  47. Features – desc a structural or behavioral characteristic of a classifier’s instances.
  48. Structural Feature – is an abstract metaclass, which desc a typed structure of instance of a classifier. eg property attribute {readonly} {unrestricted}
  49. Behavioral Feature – is an abstract metaclass, which means that an instance of a classifier can respond to requests by calling certain behavior. eg operation
  50. Behavioral Feature – can throw an exception. parameters can be passed/returned
  51. Parameter – is the spec of an argument that is passed/returned by behavioral feature
  52. Parameter – has a type, a multiplicity and a direction. (optionally – state a default value and a name)
  53. Parameter – direction is specified by keywords – in, out, inout or return
  54. Parameter – directions default value is ‘in’
  55. in – Caller passes the param value to the behavior
  56. out – behavior passes the param value to the caller
  57. inout – Caller first passes the param value to the behavior, which ret it to caller
  58. Return – similar to out, except return explicitly specifies the return values of behavior
  59. Notation – Synt [direction ] name : type [multiplicity ] [= default] [{property string}]
  60. Property String for a param can be one of values known for properties {ordered} & {nonunique}


CISSP Study Guide

This blog is about CISSP certificate exam with all the resource information and links.

CISSP Exam :
Prerequisites: 5 years’ experience in any two or more Security Domains (10 listed below)
Number of questions: 250
Score needed to pass: 700 out of 1000
Duration: 6 hours
Price: $599 USD

To Register :

CISSP Resources :
(ISC)2 :
Forum :

Ten Domains :
• Access Control
• Telecommunications and Network Security
• Information Security Governance and Risk Management
• Software Development Security
• Cryptography
• Security Architecture and Design
• Operations Security
• Business Continuity and Disaster Recovery Planning
• Legal, Regulations, Investigations and Compliance
• Physical (Environmental) Security

How to make Indian filter coffee?

How to make Indian filter coffee:

Put required teaspoons of sugar in a stainless steel filter, add powdered coffee. Pour hot water heated to 110 degrees into the filter and close. Collect the first decoction and keep it warm by placing in a tub of hot water. Pour 10 to 15 ml of decoction over sugar. Add milk, (preferably fresh) till it flows onto the saucer. Swish coffee once and drink hot.


Learning to Learn

Scoping the subject

The first step in learning about a subject and perhaps the most critical is to determine the scope of the subject you want to learn about.

Having a goal

The next thing you need is a goal. There is no point in learning something just for the sake of learning it.

Finding resources

After you know what you are going to learn and you have a good idea of how you will measure your achievement of the learning, you will undoubtedly need to find some resources for proceeding with your plan.

Putting it into practice

I’ve found the most effective way to actually learn something once I know what I am going to learn and where I am going to get the information from is to study and do at almost the same time.


One excellent technique for learning something is to immerse yourself in it. If you really want to learn a programming language, start doing everything in that language.

This content is contributed by John Sonmez at