Introduction

Abstract

The APS Identity protocol describes a framework for exchanging security data between a service provider (SP) and APS Identity Service. The protocol defines programming interfaces that are used for security data exchange, and format of the data.

Definitions, acronyms, and abbreviations

All terms used in this document (if not specially mentioned) are defined in the Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0.

Additionally, this document uses the following terms:

• Local account - an account given to a principal by an SP.
• Federated identity (FI) - a set of local account identifiers.
• Authenticated user - a user who is authenticated to IdP.
• Service provider (SP) - a web application/service that offers its resources to users.
• Identity provider (IdP) - APS Identity Service, Parallels web service which enables SSO capabilities for resources provided by SPs.
• Single sign-on (SSO) - a specialized form of user authentication that enables a user to access resources of multiple service providers after being authenticated only once.
• SSO system - a system comprising multiple service providers registered in the database of the same IdP. The system provides SSO to users of the SPs resources.
• User - an end user of an SSO system.

Conventions

In this document, the following conventions are used:

• The protocol relies primarily on two documents released by Oasis consortium: Security Assertion Markup Language (SAML) 2.0 Technical Overview and Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. These documents are referred to as the SAML 2.0 Specification and the Technical Overview for the description convenience purposes.
• SPs and IdP are in the same SSO system (if not stated otherwise).

References

• OASIS Security Services Technical Committee

  http://www.oasis-open.org/committees/security
  

• Security Assertion Markup Language (SAML) 2.0 Technical Overview

  http://www.oasis-open.org/committees/download.php/11511/sstc-saml-tech-overview-2.0-draft-10.pdf
  

• Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0

  http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
  

• Bindings for the OASIS Security Assertion Markup Language (SAML) v.2.0

  http://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf
  

• Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0

  http://www.oasis-open.org/committees/download.php/21111/saml-glossary-2.0-os.html
  

• Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0

  http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
  

• HTTP 1.1 Protocol Specification

  http://www.ietf.org/rfc/rfc2616.txt