Members Approve Security Assertion Markup Language (SAML) v2.0 as OASIS Standard
BOSTON -- AOL, BEA Systems, Boeing, Booz Allen Hamilton, Computer Associates, Entrust, Hewlett-Packard, IBM, Neustar, Nokia, Novell, Oracle, RSA Security, SAP, Sun Microsystems, and Others Advance Standard for Single Sign-On
OASIS, the international e-business standards consortium, today announced that its members have approved the Security Assertion Markup Language (SAML) version 2.0 as an OASIS Standard, a status that signifies the highest level of ratification. SAML v2.0 enables the secure exchange of authentication, attribute, and authorization information between disparate security domains, making vendor-independent Web single sign-on and secure e-business transactions possible. Version 2.0 adds key functions to create and manage federated networks that combine and appropriately share pre-existing repositories of identity information.
"Prior to SAML, there was no XML-based standard that enabled the exchange of security information between a security system and an application," said John Pescatore, analyst at Gartner, Inc. "SAML provides a standard XML schema for specifying authentication, attribute, and authorization decision statements, and it also specifies a Web services-based request/reply protocol for exchanging these statements."
"The number of digital identities in today's world is exploding and business partners need better ways to federate and manage those identities in order to control access to their resources in the face of growing regulatory and compliance requirements," noted Rob Philpott of RSA Security, co-chair of the OASIS Security Services Technical Committee. "SAML v2.0 is the convergence point for the major identity federation initiatives deployed in the industry today; that is, SAML v1.x, Liberty ID-FF, and Internet2's Shibboleth effort. With the release of SAML v2.0, the industry now has a very robust, proven foundation upon which to build identity-based solutions that meet those requirements."
SAML leverages core Web services standards including XML, SOAP, Transport Layer Security (TLS), XML Signature (XMLSIG), and XML Encryption (XMLENC).
"SAML v2.0 builds on the success of SAML v1.1 by providing a full-featured foundation for identity federation on the Internet," explained Prateek Mishra of Principal Identity, co-chair of the OASIS Security Services Technical Committee. "Some of its features fill in important 'gaps' observed in practical deployments: for example, the attribute profiles and metadata specification simplify agreement between businesses participating in a federation. Other features such as encryption, pseudonyms and user consent enable confidentiality and privacy of information about users."
"SAML v2.0 has the benefit of real implementations in a variety of industries to help the market drive adoption," stated Patrick Gannon, president and CEO of OASIS. "Major technology vendors are already shipping identity management products and appliances built on SAML, and governments are incorporating it into their architectures. Many other key XML standards already have defined clear profiles for working with this flexible and extensible OASIS Standard for the federated model of identity management."
Over 27 member organizations globally participate in this ongoing work, including representatives of AOL, BEA Systems, Boeing, Booz Allen Hamilton, Computer Associates, Entrust, Hewlett-Packard, IBM, Neustar, Nokia, Novell, Oracle, RSA Security, SAP, and Sun Microsystems. Participation remains open to all, and suppliers, end-users, and systems integrators are invited to join OASIS to advance the continued development and adoption of SAML. OASIS hosts an open mail list for public comment and the saml-dev mailing list for exchanging information on implementing the standard.
Industry Support for SAML 2.0 OASIS Standard
"In a relatively short time, SAML has become one of the most widely accepted standards for exchanging authorization data in Federated Identity environments. SAML 2.0 reflects this broad support in the number of organizations and individuals who contributed new features to it. BEA looks forward to increasing our support for SAML in future product offerings," said Hal Lockhart, Principal Engineering Technologist, BEA Systems.
"SAML 2.0 will be the keystone that enables many other elements of XML trust infrastructure to interoperate. For example, the upcoming XRI 2.0 specifications from the OASIS XRI (Extensible Resource Identifier) Technical Committee uses SAML 2.0 assertions to provide trusted XRI resolution services. The OASIS XDI (XRI Data Interchange) Technical Committee also plans to foster trusted data interchange relationships using SAML 2.0," said Drummond Reed, CTO, Cordance Corporation, co-chair, OASIS XRI and XDI Technical Committees.
"SAML is fast becoming the dominant Web services standard for federating 'identity as a service', and promises to break the traditional lock between Web SSO 'shim' and server. The 2.0 version of SAML and the very successful 12-vendor OASIS SAML Interop lab at the RSA Conference are further proof of SAML's maturity," said Eugene Kuznetsov, CTO and Chairman of DataPower.
"Nokia has long recognized the importance of security and identity management to Web services and is pleased to see SAML v2.0 reach standardization," said Frederick Hirsch, Senior Architect at Nokia. "SAML v2.0 will do much to reduce market confusion and to drive adoption of federated identity technology, converging Liberty Alliance Federation Framework, SAML v1.1, and Shibboleth technologies. Achieving SAML v2.0 standardization is a major accomplishment in an important area."
"SAML has rapidly been established as the accepted mechanism for making authoritative electronic assertions about user authentication and identity information. Reactivity supports the enhancements in SAML v2.0 that build on that success to provide a comprehensive framework for federating identities, controlling user sessions and identifying web transactions," said Andrew Nash, CTO of Reactivity.
"By accepting SAML v2.0 as an OASIS Standard, the technology industry has demonstrated its commitment to delivering open, interoperable solutions that enable companies to leverage the benefits of seamless identity federation," said Jason Lewis, vice president of product marketing and management at RSA Security. "RSA Security is proud to have contributed to the development of SAML, and we look forward to continuing to support initiatives which provide the greatest flexibility and choice to our customers."
"Sun continues to drive identity management and Web services standards both through our participation with organizations, such as OASIS and the Liberty Alliance, as well as providing full support of the latest industry standards within our products," said Sara Gates, vice president identity management, Sun Microsystems, Inc. "Sun is proud to have been a supporter of SAML from its inception, and we are excited to see it approved by the members of the OASIS Security Services Technical Committee as an OASIS Standard."
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WSS, XACML, and XCBF. http://www.oasis-open.org
OASIS Security Services Technical Committee
Cover Pages Technology Report: SAML