September 22, 2003

SAML 1.1 ratified as OASIS standard

- by Chris Preimesberger -
The Organization for the Advancement of Structured Information Standards (OASIS) standards consortium Monday announced that its members have approved the Security Assertion Markup Language (SAML) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. SAML provides an XML-based framework for exchanging authentication and authorization information, enabling single sign-on -- the ability to use a variety of Internet resources without having to log in repeatedly.

The OASIS Security Services Technical Committee had unanimously approved the SAML 1.1 standard on Sept. 2.

The key companies leading the standards consortium are Baltimore Technologies, BEA Systems, Computer Associates, Entrust, Hewlett-Packard Co., Netegrity, Oblix, OpenNetwork, Reactivity, RSA Security, SAP, Sun Microsystems, and Verisign.

SAML provides a way to specify authentication, attribute, and authorization decision statements. It also specifies a Web services-based request/reply protocol for exchanging these statements.

"Prior to SAML, there was no XML-based standard that enabled exchange of security information between a security system (such as an authentication authority) and an application," said Prateek Mishra of Netegrity, co-chair of the OASIS Security Services TC.

Real-world experience with earlier version a big help

"SAML has gained widespread industry adoption as a basis for federated identity and security environments," said James Kobielus, senior analyst at Burton Group. "Clearly, SAML is a living, evolving standard, and OASIS has, with the new version 1.1, incorporated changes that reflect real-world experience with SAML version 1.0."

"The SAML 1.1 standard introduces important enhancements that improve its interoperability and utility to other Web services security efforts in the industry," said Rob Philpott of RSA Security, co-chair of the OASIS Security Services Technical Committee.

Philpott also said that "this can be seen through the adoption of SAML 1.1 as a foundation for the Liberty Alliance's Identity Federation Framework, the implementation of SAML 1.1 by the Internet2/MACE Shibboleth project, and the development of a SAML profile by the OASIS Web Services Security (WSS) Technical Committee for using SAML with WS-Security."

"Collaboration between standards organizations is critical to industry momentum and to ensure new technologies like single sign-on and Web services succeed," said Liberty Alliance Management Board president Michael Barrett of American Express. "Organizations looking to benefit from these new technologies need access to proven, interoperable, and secure standards that they can build on for the next new technology. Open standards such as SAML and Liberty's specifications have been proven to meet that need."

Go here for full text of the OASIS news release.

