[announce] OASIS Members Demonstrate Support for New Web AccessSecurity Standard at SAML Interoperability Event

[Carol Geyer <carol.geyer@oasis-open.org>]

OASIS Members Demonstrate Support for New Web Access Security Standard
at SAML Interoperability Event

IBM, Novell, Oblix, Sun Microsystems, and Other Companies Showcase
Standard for Exchanging Authentication and Authorization Information on
the Internet


San Francisco, California, USA; 15 July 2002 -- The first public
demonstration of the OASIS Security Assertion Markup Language (SAML) was
held today at the Catalyst Conference in San Francisco. Twelve vendors,
including IBM, Novell, Oblix, Sun Microsystems Inc., Baltimore
Technologies, CrossLogix, Entegrity Solutions, ePeople, Overxeer,
Netegrity, RSA Security, and Sigaba participated in the event, which
demonstrated interoperability of SAML 1.0-conformant security software
products.

"SAML is an important security interoperability initiative," said James
Kobielus, senior analyst at Burton Group. "Most Web access solution
vendors have committed resources to the emerging standard and are in the
process of implementing SAML 1.0 in the next releases of their products.
The OASIS SAML interoperability demonstration proves the standard’s
viability in practice."

SAML allows authentication and authorization information to be exchanged
among disparate Web access management and security products. The OASIS
specification addresses the need for secure single sign-on among diverse
Web access management environments implemented across various
organizations, applications, Web sites and portals. Defining
standardized exchanges of identity and access management information,
SAML leverages such Web services standards as XML and SOAP.

"Traditionally, security has been implemented within a single
enterprise, but companies are now partnering on the Web to expand the
scope and range of their e-business transactions. With SAML, application
service providers and end-user companies of all sizes can securely
exchange information about users, Web services, and authorization
information without requiring partners to change their current security
solutions," said Hal Lockhart of Entegrity, member of the OASIS Security
Services Technical Committee. He added, "SAML is the common language
that defines how different systems can communicate data about security."

"This interoperability demonstration is a milestone in the development
and recognition of SAML 1.0 as an open standard," said Patrick Gannon,
president and CEO of OASIS. "The event is a testimony to how the
industry has come together to develop SAML and how quickly vendors are
implementing it in their products."

The SAML specification has been completed and approved by the OASIS
Security Services Technical Committee and is now under review by the
OASIS membership at-large for consideration as an OASIS Standard. SAML
is one of several security standards being developed at OASIS. Other
specifications include WS-Security for high-level security services,
XACML for access control, XCBF for describing biometrics data, SPML for
exchanging provisioning information, and XrML for rights management.

Industry Leaders Support SAML

"Access management vendors are rallying around security standards for
interoperability across Web services, helping speed the adoption of
dynamic e-business applications," said Arvind Krishna, vice president of
security products, Tivoli Software, IBM. "IBM is committed to delivering
open standards-based security management that leverages emerging Web
services standards like SAML."

"Helping businesses securely connect employees, customers, partners and
suppliers across organizational boundaries is at the heart of Novell's
one Net vision; and SAML offers a very promising means to make that
vision a reality," said Winston Bumpus, director of standards for
Novell. "As a passionate supporter of many standards development
efforts, we're very pleased to see the cooperation of so many industry
leaders in OASIS' SAML Interoperability Demonstration. This event is a
very important step toward the completion and acceptance of the SAML
standard, and its potential to improve and secure online business
relationships."

"Oblix has always been a strong advocate of open standards, and we are
excited to demonstrate our commitment to SAML," says Nand Mulchandani,
Oblix co-founder and chief technology officer. "SAML is another key
piece of our comprehensive Federation Services, which facilitates the
federation of identity services across corporate boundaries. Our focus
continues to be on providing our customers the ability to easily
integrate Oblix solutions into their existing environments."

"This is a major step forward for the industry as SAML helps further the
evolution of Web services security by enabling heterogeneous
interoperability between vender solutions," said Andy Eliopoulos,
director of product marketing, network identity, Sun Microsystems, Inc.
"Sun is committed to developing and supporting open standards that
enable enterprises to more easily and cost-effectively deploy end-to-end
identity services across value networks."



About OASIS

OASIS (http://www.oasis-open.org) is a not-for-profit, global consortium
that drives the development, convergence and adoption of e-business
standards. Members themselves set the OASIS technical agenda, using a
lightweight, open process expressly designed to promote industry
consensus and unite disparate efforts. OASIS produces worldwide
standards for security, Web services, XML conformance, business
transactions, electronic publishing, topic maps and interoperability
within and between marketplaces. OASIS has more than 400 corporate and
individual members in 100 countries around the world.


For more information:
Carol Geyer
Director of Communications
OASIS www.oasis-open.org
carol.geyer@oasis-open.org
+1.978.667.5115 x209