RealTime IT News

Government Groups Tout Single Sign-On Version

SAN FRANCISCO -- With the federal government working toward a deadline to adopt digital certificates and online transactions, a grouping of government and IT enterprise companies demonstrated Wednesday how a Web services specification could be both secure and sexy.

Eleven vendors, including Sun Microsystems and HP, joined with the U.S. General Services Administration (GSA) E-Gov E-Authentication Initiative to show interoperability of the Security Assertion Markup Language (SAML) and authorization information.

They demonstrated three separate successful scenarios using both types of SAML version 1.1 Single Sign-On to simulate interaction between a government or enterprise portal and sites from typical content or service providers.

Pronounced "Sam-el," the XML-based framework helps secure communications transmitted over the Internet. SAML is also important because it defines mechanisms to exchange authentication, authorization and nonrepudiation information. That capability holds the key to single sign-on for Web services.

Internet standards body OASIS (Organization for the Advancement of Structured Information Standards) ratified version 1.0 of SAML in November 2002; version 1.1 passed in September 2003.

Hundreds of federal services are available online, but many require some form of identity verification before an agency-to-citizen or agency-to-business transaction can take place. It takes an estimated 3 to 5 years for federal agencies to develop electronic identity authentication systems. Duplicative agency efforts to create such systems, which do not communicate with each other, cost the government millions. And while Americans are increasingly embracing online government services, they are also concerned that dealing with government over the Internet may compromise their privacy.

Despite recent advancements by Microsoft's WS-Federated project, Midvale, Utah-based Burton Group research director Dan Blum suggested that SAML has the best options for the market today, saying that interoperability otherwise could be at least five years off.

"We have validated SAML's strong traction in the marketplace in several reports this year and in work with our client base, estimating it is in use at between 100 and 200 organizations worldwide," Blum said. "SAML is a proven standard offering implementers opportunities for productivity gains, cost savings, risk transference, or competitive advantage. Additional work on nailing down interoperability will enhance SAML's value to customers."

SAML is one of several security standards being developed at OASIS. Other specifications include WS-Security for high-level security services, XACML for access control, XCBF for describing biometrics data, SPML for exchanging provisioning information, and XrML for rights management.

Currently, E-Authentication is working with products that are interoperable using the SAML 1.0 protocol. According to Steve Timchak, E-Authentication Program Manager, "interoperability among products is a key to the federated approach adopted by the E-Authentication Initiative. Additional protocols will emerge and become viable standards in the E-Authentication environment as federated authentication evolves. Sponsoring the SAML 1.1 Interoperability Lab is part of E-Authentication's commitment to this evolution."

Timchak told internetnews.com that, after some additional testing with partners, the protocols would be widely distributed later this year in preparation for a Summer 2005 deadline.

To illustrate the importance of the Internet to U.S. citizens and the high expectations they have, a recent survey of 1,023 adults, conducted by Hart-Teeter Research and underwritten by Accenture, showed that 74 percent of e-government users expect that the Internet will have a more positive effect on how government operates over the next 5 to 10 years. A separate study by consulting firm Accenture found that the number one reason governments use the Internet is to improve customer service.