USA flag logo/image

An Official Website of the United States Government

Applying Security Assertion Markup Language (SAML) to non SOAP protocols

Award Information

Agency:
Department of Defense
Branch:
N/A
Award ID:
Program Year/Program:
2012 / SBIR
Agency Tracking Number:
F112-030-1614
Solicitation Year:
2011
Solicitation Topic Code:
AF112-030
Solicitation Number:
2011.2
Small Business Information
D-Tech, LLC
13800 Coppermine Road, Suite 300 Herndon, VA 20171-6163
View profile »
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2012
Title: Applying Security Assertion Markup Language (SAML) to non SOAP protocols
Agency: DOD
Contract: FA8750-12-C-0060
Award Amount: $149,999.00
 

Abstract:

ABSTRACT: D-Tech is pleased to submit this proposal in response to the SBIR solicitation under topic AF112-030 titled"Applying Security Assertion Markup Language (SAML) to non SOAP Protocols". D-Tech will develop a prototype to demonstrate the feasibility and flexibility of user authentication and authorization for web applications, implementing an OpenID Identity Provider as a proxy to integrate RESTful services with a SAML-based Attribute Service compliant with NCES standard. We will extend the OpenID"s single sign-on capability with OAuth, an emerging standard for fine-grained user authorization. A survey and analysis comparing different standards, their applicability, and techniques for RESTful single sign-on will be provided. A new software framework to bind SAML with light-weight protocols will be presented in the final technical report, along with potential security applications in DoD and the commercial sector. We have formed a top-notch research team for this project, including DoD security veterans and university researcher with a solid track record in computer security and information assurance. We have a collaborative partnership with the Center of Secure Information Systems of GMU and will bring the latest R & D findings to benefit this project. The D-Tech team is confident in completing this research with the best quality and customer satisfaction. BENEFIT: Benefits: - Provide the DoD and the Federal Government at large with a simplified framework for web-based single sign-on, utilizing user attributes stored and maintained by standard enterprise directory service (e.g. LDAP) - Establish a new standard and approach for deploying web-based single sign-on and user authentication in a flexible, cost-effective way, integrating SAML with OpenID and OAuth - Gain valuable knowledge and experience in various technologies and best practices, with the potential of enhancing related open industry standards, and contributing the knowledge back to the DoD and the IT security community via publications and conference presentations based on Phase I research - Generate new intellectual properties out of this research if such opportunities arise Potential Commercial Applications - Online Service Provider to use SAML attribute service to provide trust services (e.g. Secure Token Service) for RESTful applications - Online Service provider to use SAML in combination with OpenID and OAuth to achieve attribute-based access control - Mobile Service Provider to use lightweight protocol to perform user access control in difference mobile platforms

Principal Investigator:

Kevin T. Smith
Chief Technology Advisor
(703) 829-5386
kevintrentsmith@gmail.com

Business Contact:

Nick Duan
President
(703) 574-5837
nduan@verizon.net
Small Business Information at Submission:

D-Tech, LLC
43462 Mechanicsville Glen Street Ashburn, VA -

EIN/Tax ID: 300616305
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: Yes
HUBZone-Owned: No