RealTime IT News

OASIS Ratifies SAML 1.0

A specification considered a key factor in securing Web services has been ratified as a standard by the Organization for the Advancement of Structured Information Standards (OASIS).

Security Assertion Markup Language (SAML) v1.0 is an XML-based framework that defines mechanisms for exchanging authentication, authorization and non-repudiation information. Among its most important capabilities is enabling single sign-on services.

The standard incorporates other industry-standard protocols and messaging frameworks, including XML Signature, XML Encryption and SOAP.

"SAML 1.0 is an important industry standard for federating diverse security domains across Web services environments," said James Kobielus, a senior analyst with the Burton Group. "SAML 1.0 supports secure interchange of authentication and authorization information by leveraging the core Web services standards of Extensible Markup Language (XML), Simple Object Access Protocol (SOAP), and Transport Layer Security (TLS). Most vendors of Web access management solutions have committed to SAML 1.0 and are currently implementing the specification in their products."

OASIS members voted on SAML through Oct. 31, and the organization announced it had ratified the specification as an OASIS Open Standard Wednesday. Acceptance as an OASIS Open Standard is the highest level of ratification the organization offers.

"SAML lets companies implement single sign-on solutions that allow users to visit various Web sites without being repeatedly challenged for credentials," said Joe Pato of HP, co-chair of the OASIS Security Services Technical Committee. "In addition, SAML makes it possible to include security information in documents used in business transactions. This is particularly relevant for Web services, where security is critical."

The SAML OASIS Open Standard was developed by Baltimore Technologies, BEA Systems, Computer Associates, Entrust, Hewlett-Packard Co., Hitachi, IBM, Netegrity, Oblix, OpenNetwork, Quadrasis, RSA Security, Sun Microsystems, Verisign, and other members of the OASIS Security Services Technical Committee.