SAML 2.0 Security Gets Test, Preps for Vote
SAML 2.0, the key upgrade to a core web services security markup language, passed two key hurdles last week. First, SAML 2.0 passed an interop test to exchange authentication, attribute and authorization info with other major security specs. Second, a draft SAML 2.0 spec is ready for the vote. Get the details.
The pending adoption of SAML 2.0, a key upgrade to a core web services security markup language, passed two key hurdles on its road to becoming a standard.
First, more than a dozen vendors, including Computer Associates, Entrust, HP, Oracle, Sun and RSA, joined in a successful test of SAML 2.0's ability to exchange authentication, attribute and authorization information between different security systems.
Second, the OASIS Security Services technical committee has approved the latest version of the SAML 2.0 spec and schemas as formal "committee drafts," and submitted them to OASIS for balloting - including the core spec, bindings, profiles, metadata and authentication context classes.
IT vendors teamed with the U.S. General Services Administration (GSA) E-Gov E-Authentication Initiative to demonstrate interoperability of the Security Assertion Markup Language (SAML) 2.0, a security specification developed by the OASIS standards consortium. SAML enables secure exchange of authentication, attribute, and authorization information between disparate security domains, making secure Internet e-business transactions possible.
The tests, conducted under the auspices of OASIS's Federated Identity InterOp Lab, focused on demonstrating SAML 2.0's ability to interoperate across a number of different web single sign-on and single logout scenarios, including SAML 1.x, Liberty Alliance and Shibboleth. The tests were conducted as part of the U.S. government's E-Authentication Initiative.
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit consortium that drives the development, convergence, and adoption of e-business standards. OASIS has more than 4,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DocBook, DSML, ebXML, SAML, SPML, UBL, UDDI, WS-Reliability, WSRP, WSS, XACML, and XCBF.
GSA's Program Executive Stephen Timchak offered an upbeat assessment of the test result. "The E-Authentication Initiative is committed to helping drive the evolution of federated identity management, and that's why we are excited to sponsor the OASIS Federated Identity InterOp on SAML 2.0," Timchak said in a statement. "[W]e look forward to being enthusiastic adopters of SAML 2.0 when it qualifies for inclusion in the E-Authentication architecture."
An analyst from the Burton Group was also pleased with the test. "This OASIS InterOp demonstration offers an important proof-of-concept for … SAML 2.0, [which] can provide a logical convergence point for new products and deployments in the coming months," said Dan Blum, Burton's Senior Vice President and Research Director.
Vendors Collaborate on SAML Interoperability
Vendors participating in the SAML 2.0 interop gave the following statements after the successful tests: