Call me SAML-Compliant

Well, okay, call me SAML 2.0 then, which isn’t the same thing as SAML 1.0, an earlier version of the Security Assertion Markup Language.

SAML is the protocol used to achieve Single Sign-On between Web sites as well as authentication that enables safe transactions, among other things. As our Webopedia site [explains](, SAML defines mechanisms to exchange authentication, authorization and nonrepudiation information.

If all this identity standards alphabet soup drives people crazy, it’s probably because some mighty fine hair splitting is often involved with which standard to use, since there are others like WS-Federation.

WS-Federation is also trying to address the identity and security requirements of both Web applications and Web services. Definitely not the same thing as SAML. But new projects have cropped up to make them act the same, such as Project [Concordia](, whose mission is to “drive interoperability across identity protocols in use today.”

And overall, the industry is making progress with interoperability. The Liberty Alliance, for example, which includes IBM, Microsoft, Oracle and RSA, group [just announced that]( “products from CA; NTT Software; Ping Identity; RSA, The Security Division of EMC; and Ubisecure have passed its Liberty Alliance SAML 2.0 interoperability testing.”

It can get pretty mind-boggling.

So now that several vendors’ products have passed its interoperability tests, what does this mean? Simple: If you log in and create an identity once for one of these vendors’ applications, you will be able to access the other vendors’ applications without having to go through the identity creation process again. It’s the equivalent of logging in to your Yahoo mail and using the same login to access Gmail and your account on the Web.

No more remembering multiple passwords or the answers to security questions. It might even save vice-presidential candidates’ e-mail accounts from being hacked.

News Around the Web