OASIS Ratifies SAML 1.0

A specification considered a key factor in securing Web services has been
ratified as a standard by the Organization for the Advancement of
Structured Information Standards

Security Assertion
Markup Language
(SAML) v1.0 is an XML-based framework that defines
mechanisms for exchanging authentication, authorization and non-repudiation
information. Among its most important capabilities is enabling single
sign-on services.

The standard incorporates other industry-standard protocols and messaging
frameworks, including XML Signature, XML Encryption and SOAP.

“SAML 1.0 is an important industry standard for federating diverse security
domains across Web services environments,” said James Kobielus, a senior
analyst with the Burton Group. “SAML 1.0 supports secure interchange of
authentication and authorization information by leveraging the core Web
services standards of Extensible Markup Language (XML), Simple Object
Access Protocol (SOAP), and Transport Layer Security (TLS). Most vendors of
Web access management solutions have committed to SAML 1.0 and are
currently implementing the specification in their products.”

OASIS members voted on SAML through Oct. 31, and the organization announced
it had ratified the specification as an OASIS Open Standard Wednesday.
Acceptance as an OASIS Open Standard is the highest level of ratification
the organization offers.

“SAML lets companies implement single sign-on solutions that allow users to
visit various Web sites without being repeatedly challenged for
credentials,” said Joe Pato of HP, co-chair of the OASIS Security Services
Technical Committee. “In addition, SAML makes it possible to include
security information in documents used in business transactions. This is
particularly relevant for Web services, where security is critical.”

The SAML OASIS Open Standard was developed by Baltimore Technologies, BEA
Systems, Computer Associates, Entrust, Hewlett-Packard Co., Hitachi, IBM,
Netegrity, Oblix, OpenNetwork, Quadrasis, RSA Security, Sun Microsystems,
Verisign, and other members of the OASIS Security Services Technical

News Around the Web