The OASIS standards consortium announced that its members have approved the Security Assertion Markup Language (SAML) version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. SAML provides an XML-based framework for exchanging authentication and authorization information, enabling single sign-on – the ability to use a variety of Internet resources without having to log in repeatedly.

"SAML has gained widespread industry adoption as a basis for federated identity and security environments," said James Kobielus, senior analyst at Burton Group. "Clearly, SAML is a living, evolving standard, and OASIS has, with the new version 1.1, incorporated changes that reflect real-world experience with SAML version 1.0."

According to Prateek Mishra of Netegrity, co-chair of the OASIS Security Services Technical Committee, "Prior to SAML, there was no XML-based standard that enabled exchange of security information between a security system (such as an authentication authority) and an application. SAML provides a way to specify authentication, attribute and authorization decision statements. It also specifies a Web services-based request/reply protocol for exchanging these statements."

"The SAML 1.1 standard introduces important enhancements that improve its interoperability and utility to other Web services security efforts in the industry. This can be seen through the adoption of SAML 1.1 as a foundation for the Liberty Alliance's Identity Federation Framework, the implementation of SAML 1.1 by the Internet2/MACE Shibboleth project, and the development of a SAML profile by the OASIS Web Services Security (WSS) Technical Committee for using SAML with WS-Security," added Rob Philpott of RSA Security, co-chair of the OASIS Security Services Technical Committee. "The growing participation of OASIS member companies in SAML's development and our committee's increasing collaboration with other security-related standards groups demonstrate the value of OASIS SAML standardization to the industry."

Liberty Alliance Management Board president, Michael Barrett, also vice president of Internet Strategy at American Express, commented, "Collaboration between standards organizations is critical to industry momentum and to ensure new technologies like single sign-on and Web services succeed. Organizations looking to benefit from these new technologies need access to proven, interoperable, and secure standards that they can build on for the next new technology. Open standards like SAML and Liberty's specifications have been proven to meet that need."

Members of the OASIS Security Services Technical Committee include Baltimore Technologies, BEA Systems, Computer Associates, Entrust, Hewlett-Packard, Netegrity, Oblix, OpenNetwork, Reactivity, RSA Security, SAP, Sun Microsystems, Verisign and other security software vendors, financial institutions, government agencies and academia.
