ESOE Design

Enterprise Sign On Engine Technical Architecture
Written by Bradley Beddoes
September 2006

Architecture design by Bradley Beddoes
Incorporates the SAML 2.0 and (L)XACML 2.0 OASIS standards

Contributions by:
Shaun Mangelsdorf
Andre Zitelli

Edited by:
Bradley Beddoes
Shaun Mangelsdorf
Andre Zitelli

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Enterprise Sign On Engine

ESOE authoritative data store

One of the core components in the operation of the ESOE is the central repository of authoritative data. This database stores all the details required to build the metadata representation of the core system and its associated service providers in the network. It also contains a record of each new authentication event that successfully takes place on the system, as well as a record of each service visited by a client within each session. This allows fine-grained security data to be obtained easily, with the added benefit that data mining over these records gives a picture of where clients are traversing the system.

This data is managed by the ESOE Manager system which is documented elsewhere.
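The following is an added illustration, not code from the ESOE project, of the two kinds of record the paragraph above describes: one row per successful authentication event (a session) and one row per service provider visited within that session. The table and column names, the handler name and the SPEP entity identifiers are all constructed for this example; the ESOE's real schema is managed by the ESOE Manager and is not shown here. The point it demonstrates is that a service visit can only ever be recorded against a session that has an authentication event, and that a per-session trail and per-service visit counts fall out of two simple queries.

```python
"""Hypothetical relational store for ESOE-style session audit data (example only)."""
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema (not the ESOE's own): an authentication event creates a
# session; every service visit must reference an existing session.
SCHEMA = """
CREATE TABLE IF NOT EXISTS authn_event (
    session_id  TEXT PRIMARY KEY,
    principal   TEXT NOT NULL,
    handler     TEXT NOT NULL,   -- which authentication handler succeeded
    authn_time  TEXT NOT NULL    -- ISO 8601, UTC
);
CREATE TABLE IF NOT EXISTS service_visit (
    session_id   TEXT NOT NULL REFERENCES authn_event(session_id),
    sp_entity_id TEXT NOT NULL,  -- SAML entityID of the service provider / SPEP
    visit_time   TEXT NOT NULL
);
CREATE INDEX IF NOT EXISTS service_visit_by_session
    ON service_visit(session_id, visit_time);
"""


def open_store(path: str = ":memory:") -> sqlite3.Connection:
    """Open the store and enforce that visits reference a real session."""
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


def record_authn(conn, session_id, principal, handler, when=None) -> None:
    """Record a successful authentication event; this is what creates a session."""
    conn.execute("INSERT INTO authn_event VALUES (?, ?, ?, ?)",
                 (session_id, principal, handler, when or _now()))
    conn.commit()


def record_visit(conn, session_id, sp_entity_id, when=None) -> None:
    """Record that a session was used at a service provider.

    Raises sqlite3.IntegrityError if no authentication event exists for the
    session, so a visit can never be logged without a matching login.
    """
    conn.execute("INSERT INTO service_visit VALUES (?, ?, ?)",
                 (session_id, sp_entity_id, when or _now()))
    conn.commit()


def session_trail(conn, session_id) -> list:
    """Services visited in one session, in order of visit."""
    rows = conn.execute(
        "SELECT sp_entity_id FROM service_visit "
        "WHERE session_id = ? ORDER BY visit_time, rowid", (session_id,))
    return [r[0] for r in rows]


def visits_per_service(conn) -> dict:
    """How often each service provider was visited across all sessions."""
    rows = conn.execute(
        "SELECT sp_entity_id, COUNT(*) FROM service_visit GROUP BY sp_entity_id")
    return dict(rows)


def sessions_for_principal(conn, principal) -> list:
    """All sessions a principal has authenticated, oldest first."""
    rows = conn.execute(
        "SELECT session_id FROM authn_event WHERE principal = ? ORDER BY authn_time",
        (principal,))
    return [r[0] for r in rows]


def demo():
    """Populate a store with constructed sample data and return it."""
    conn = open_store()
    wiki = "https://wiki.example.edu/spep"   # constructed entityIDs
    mail = "https://mail.example.edu/spep"
    record_authn(conn, "sess-1", "alice", "UsernamePassword", "2006-09-01T09:00:00+00:00")
    record_visit(conn, "sess-1", wiki, "2006-09-01T09:00:05+00:00")
    record_visit(conn, "sess-1", mail, "2006-09-01T09:02:10+00:00")
    record_authn(conn, "sess-2", "bob", "UsernamePassword", "2006-09-01T09:10:00+00:00")
    record_visit(conn, "sess-2", wiki, "2006-09-01T09:10:07+00:00")
    # A visit for a session that never authenticated must be rejected.
    try:
        record_visit(conn, "sess-99", mail)
        orphan_rejected = False
    except sqlite3.IntegrityError:
        orphan_rejected = True
    return conn, orphan_rejected


if __name__ == "__main__":
    store, rejected = demo()
    print("orphan visit rejected:", rejected)
    print("sess-1 trail:", session_trail(store, "sess-1"))
    print("visits per service:", visits_per_service(store))
```

The foreign key is the security-relevant detail: audit rows that cannot be tied back to an authentication event are refused at write time rather than discovered later. Real deployments would add retention and access controls on these tables, since the trail of who visited which service is itself sensitive data.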

Design documentation

  1. ESOE Authentication Design
  2. ESOE Single Sign-on and Logout Design
  3. ESOE Web Services Design
  4. ESOE Attribute Authority Design
  5. ESOE Authorization Design
  6. ESOE Sessions Cache Design
  7. ESOE Logging Design
  8. ESOE Metadata Processor Design
  9. ESOE SPEP Processor Design
  10. ESOE Delegated Authentication Design