Printer Friendly
The Free Library
22,725,466 articles and books

Security Assertion Markup Language -- SAML -- Version 1.1 Ratified as OASIS Standard.

Business Editors/High-Tech Writers

BOSTON--(BUSINESS WIRE)--Sept. 22, 2003

Baltimore Technologies Baltimore Technologies was an internet security firm founded in 1976 by Michael Purser. It was acquired in 1996 by a team financed by Dermot Desmond and led by Fran Rooney, who became CEO. , BEA Systems BEA Systems, Inc. (NASDAQ: BEAS) is one of the major companies developing enterprise infrastructure software. BEA makes middleware, products that help software run on top of databases. , Computer Associates, Entrust,

Hewlett-Packard, Netegrity, Oblix, OpenNetwork, Reactivity,

RSA Security RSA, The Security Division of EMC Corporation, is headquartered in Bedford, Massachusetts, and maintains offices in Ireland, the United Kingdom, Singapore, India, and Japan.

RSA organizes the annual RSA conference.
, SAP, Sun Microsystems Sun Microsystems, Inc. (NASDAQ: JAVA[3]) is an American vendor of computers, computer components, computer software, and information-technology services, founded on 24 February 1982. , Verisign, and Others

Collaborate on Authentication and Authorization

The OASIS standards consortium today announced that its members have approved the Security Assertion Markup Language markup language

Standard text-encoding system consisting of a set of symbols inserted in a text document to control its structure, formatting, or the relationship among its parts. The most widely used markup languages are SGML, HTML, and XML.
 (SAML (Security Assertion Markup Language) An XML-based format from OASIS for exchanging security information for single sign-on. The "assertions" are statements from a SAML authority that authenticate a user, confirm some attribute about the individual and grant or ) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. SAML provides an XML-based framework for exchanging authentication and authorization information, enabling single sign-on An identification system that lets users log into multiple Web sites on the Internet with one username and password. Single sign-on systems are also used within an enterprise, enabling users to access all authorized resources in the local network using the same username and password.  -- the ability to use a variety of Internet resources without having to log in repeatedly.

"SAML has gained widespread industry adoption as a basis for federated identity In information technology, federated identity has two general meanings:
  • The virtual reunion, or assembled identity, of a person's user information (or ), stored across multiple distinct identity management systems.
 and security environments," said James Kobielus, senior analyst at Burton Group. "Clearly, SAML is a living, evolving standard, and OASIS has, with the new version 1.1, incorporated changes that reflect real-world experience with SAML version 1.0."

According to according to
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

 Prateek Mishra of Netegrity, co-chair of the OASIS Security Services Security services are state institutions for the provision of intelligence, primarily of a strategic nature, but also including protective security intelligence. Examples include the Security Service (MI5) and the Secret Intelligence Service (MI6) in the United Kingdom, and the  Technical Committee, "Prior to SAML, there was no XML-based standard that enabled exchange of security information between a security system (such as an authentication authority) and an application. SAML provides a way to specify authentication, attribute, and authorization decision statements. It also specifies a Web services-based request/reply protocol for exchanging these statements."

"The SAML 1.1 standard introduces important enhancements that improve its interoperability and utility to other Web services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term.  security efforts in the industry. This can be seen through the adoption of SAML 1.1 as a foundation for the Liberty Alliance's Identity Federation Framework, the implementation of SAML 1.1 by the Internet2/MACE Shibboleth Shibboleth (shĭb`ōlĕth), in the Bible, test word that the Gileadites made the Ephraimites pronounce. As Ephraimites could not say sh but only s  project, and the development of a SAML profile by the OASIS Web Services Security (WSS WSS Windows Sharepoint Services (Microsoft)
WSS Web Services Security (OASIS)
WSS Wavelength Selective Switch (Reconfigurable Optical Add/Drop Multiplexer) 
) Technical Committee for using SAML with WS-Security," added Rob Philpott of RSA Security, co-chair of the OASIS Security Services Technical Committee. "The growing participation of OASIS member companies in SAML's development and our committee's increasing collaboration with other security-related standards groups demonstrate the value of OASIS SAML standardization to the industry."

Liberty Alliance Management Board president, Michael Barrett Michael Barrett may refer to:
  • Michael Barrett (baseball) (born 1976), US baseball player
  • Michael Barrett (Fenian), Irishman who was hanged in 1868
  • Michael Barrett (Irish politician) (1927–2006)
, also vice president of Internet Strategy at American Express American Express (NYSE: AXP), sometimes known as "AmEx" or "Amex", is a diversified global financial services company, headquartered in New York City. The company is best known for its credit card, charge card and traveler's cheque businesses. , commented, "Collaboration between standards organizations is critical to industry momentum and to ensure new technologies like single sign-on and Web services succeed. Organizations looking to benefit from these new technologies need access to proven, interoperable, and secure standards that they can build on for the next new technology. Open standards Specifications for hardware and software that are developed by a standards organization or a consortium involved in supporting a standard. Available to the public for developing compliant products, open standards imply "open systems;" that an existing component in a system can be replaced  like SAML and Liberty's specifications have been proven to meet that need."

Members of the OASIS Security Services Technical Committee include Baltimore Technologies, BEA Systems, Computer Associates, Entrust, Hewlett-Packard, Netegrity, Oblix, OpenNetwork, Reactivity, RSA Security, SAP, Sun Microsystems, Verisign, and other security software vendors, financial institutions, government agencies, and academia.

Industry Support for SAML 1.1

Baltimore Technologies

"Baltimore welcomes the completion of SAML 1.1 as an important building-block of the security services infrastructure that will underpin the emerging service oriented computing landscape," said Patrick McLaughlin Patrick "Paudeen" McLaughlin (1822-March 20, 1858) was a New York criminal and a "slugger" for Tammany Hall during the late-19th century. McLaughlin, whose nose had previously been chewed off during a brawl in the Five Points with the Alderman of the First Ward, was widely regarded , CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. , Baltimore Technologies.

BEA Systems

"SAML 1.1 continues the evolution of this key standard for interoperable exchange of security information in federated Connected and treated as one. See federated database and federated directories.  environments," said Ed Cobb, Vice President, Architecture and Standards, BEA Systems, Inc (NASDAQ NASDAQ
 in full National Association of Securities Dealers Automated Quotations

U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on
: BEAS). "We are pleased at the growing industry support for SAML to secure information access and to enhance user experiences in service-oriented environments."

Computer Associates

"Managing the identities of users outside the enterprise has become as integral to business enablement as managing the identities of internal users," said Bilhar Mann, director of eTrust identity and access management solutions at Computer Associates. "The SAML OASIS Standard will play an instrumental role in enabling identity management beyond the enterprise. It will also enable users of CA's SAML-compliant, eTrust identity and access management solutions to more readily apply corporate management and security policies to systems that touch customers and supply-chain partners."

Confluent con·flu·ent
1. Flowing together; blended into one.

2. Merging or running together so as to form a mass, as sores in a rash.

"The approval of SAML 1.1 as an OASIS Standard is an important step towards broader adoption of standards-based authentication and authorization solutions," said Sekhar Sarukkai, Vice President of Technology & Co-Founder of Confluent Software. "As a Web services management vendor supporting SAML in many customer engagements, we believe that the several important extensions in SAML 1.1 will help accelerate the deployment of secure, standards-compliant Service Oriented Architectures."

DataPower Technology

"The release of the 1.1 specification is a testament to the advancement for Web services deployments and the demand for pragmatic, interoperable solutions for Web services security," said Rich Salz Rich Salz is currently Chief Security Officer of Datapower, which was recently acquired by IBM.

He has made numerous contributions to recent work on XML and SOAP specifications, particularly involving security.
, Chief Security Architect at DataPower Technology Inc. "The fact that much of SAML 1.1 is based on feedback from the 1.0 user community shows that SAML is being deployed and is meeting real-world needs. We look forward to increased adoption and evolution."


"As one of the early founding members of the OASIS Security Services Technical Committee and an ongoing contributor to SAML's development, we are happy to see its advancement in the industry as a standard for identity federation," said Tim Moses, Director of Advanced Security Technology, Entrust, Inc. "We are seeing increasing interest in the marketplace around SAML and are committed to continuing our support for the OASIS Standard through Entrust's broad portfolio of security solutions for Web Portals, Identity Management, and Web Services."


"Hitachi welcomes the enhancement of the SAML OASIS Standard," said Takao Nakamura, General Manager, Network Software of Hitachi, Ltd., Software Division. "We believe that SAML 1.1 will be an integral part of a secure Web services environment. We plan on adopting this standard for our Web services products in the future.


"As security technologists and active participants in OASIS, we are excited that SAML 1.1 has become an OASIS Standard," said Bob Worner, vice president of product engineering at OpenNetwork. "We look forward to continued work and standards development and to delivering these technologies to our customers for more secure and cost effective identity management across disparate corporate boundaries."


"We are very pleased with the significant traction that SAML has received and the enhancements in the 1.1 release of SAML incorporate what has been learned in those deployments," said Deepak Taneja, CTO at Netegrity. "Utilizing the SAML support within Netegrity's identity and access management solutions companies are able to realize the benefits of flexible federation models."

Reactivity, Inc.

"Reactivity is pleased to support SAML 1.1 as an OASIS Standard. The Reactivity XML Firewall(TM) incorporates support for the SAML Token Profile for Web Services to provide out customers with interoperable authentication credentials for securing XML XML
 in full Extensible Markup Language.

Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations.
 and Web Services. SAML 1.1 incorporates feedback from actual production deployments of SAML, which attests to the strength of the standard in solving real-world problems and delivering rapid business results," said John Lilly, VP and CTO, Reactivity, Inc.

RSA Security

"RSA Security is firmly committed to industry standards that help our customers to be more productive, enjoy greater interoperability, achieve new business opportunities, and realize a strong return-on-investment across their infrastructure," said Jason Lewis, Vice President of Product Management and Marketing at RSA Security. "We have been involved with SAML from its inception, contributing core intellectual property and technical expertise to guide its development, and we are pleased with the progress that is reflected in version 1.1. We support version 1.1 in the latest release of RSA (1) (Rural Service Area) See MSA.

(2) (Rivest-Shamir-Adleman) A highly secure cryptography method by RSA Security, Inc., Bedford, MA (, a division of EMC Corporation since 2006. It uses a two-part key.
 ClearTrust software and look forward to helping more of our customers capitalize on federated identity management."


"The area of security poses a real concern for companies assessing their web services strategy," said Sachar Paulus, Director of Product Security, SAP. "Now that SAML 1.1 has achieved OASIS ratification as the industry standard for security assertions, e.g., for delegating authentication and authorization decisions to central, federated Identity and Access Management solutions, a major aspect of the security architecture of a Web services-based landscape is addressed. SAP already supports SAML 1.0 with its current NetWeaver release for Single Sign-On purposes and is committed to use SAML 1.1 as a cornerstone for achieving the needed security of SAP's Enterprise Service Architecture."

Sun Microsystems

"Sun continues to be committed to supporting SAML as it provides an essential framework for delivering secure, identity-enabled Web services," said Stephen Pelletier, vice president, Network Identity, Communication and Portal Products. "SAML is a key part of the Liberty Alliance's federated identity management initiatives, further demonstrating its significant value and market adoption. Sun is committed to supporting SAML version 1.1 in our market-leading, Liberty-enabled Java System Identity Server early next year."

About OASIS (

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.

OASIS Security Services Technical Committee:
COPYRIGHT 2003 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion




Article Details
Printer friendly Cite/link Email Feedback
Publication:Business Wire
Geographic Code:1USA
Date:Sep 22, 2003
Previous Article:Spatial Announces R12 Release; Release Delivers Refinements, Performance Gains.
Next Article:Next-Gen Service Provider Mindwire Chooses Sylantro for Hosted PBX and IP Centrex Service Offering.

Related Articles
Free JSAML toolkit. (Software Tools).
Security Assertion Markup Language: the key to federated security services. (Internet).
Service Provisioning Markup Language -- SPML -- Ratified as OASIS Standard.
Web Services Distributed Management -WSDM- Approved as OASIS Standard.
Members Approve Security Assertion Markup Language - SAML - v2.0 as OASIS Standard.
Companies Demonstrate Interoperability of WS-Security OASIS Standard.
Members Approve DITA as OASIS Standard; Arbortext, BMC Software, IBM, Idiom, Innodata Isogen, Intel, Nokia, Oracle, Sun Microsystems, the U.S....
OASIS Members Elect New Leaders; China Takes Active Role in Open Standards, Joining Large Telecommunications Companies, Global Consultants, Software...
Members Approve Web Services Distributed Management (WSDM) 1.1 as OASIS Standard.
Members Approve WS-Notification as OASIS Standard.

Terms of use | Copyright © 2014 Farlex, Inc. | Feedback | For webmasters