OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] SAML and Liberty

As most everyone knows now, the Liberty Alliance Project announced their
version 1.0 specs on Mon 15-Jul-2002 (at Catalyst). Relevant web pages..

  Liberty Alliance Project
  http://www.projectliberty.org/

  Liberty Alliance Version 1.0 Specification Set
  http://www.projectliberty.org/specs/liberty-specifications-v1.0.zip

    consisting of..

       Liberty Architecture Overview 
       Liberty Architecture Implementation Guidelines 
       Liberty Authentication Context Specification 
       Liberty Bindings and Profiles Specification 
       Liberty Protocols and Schemas Specification 
       Liberty Technical Glossary 

The Liberty specs build directly on SAML, via both XML schema extensions, and
new protocols & profiles. The key technical builds are, in summary: 

  * explicit nameIdentifier exchange (identity federation), 

  * semantically rich, extended AuthnRequest (supports wider range of user
    experiences), 

  * new SSO profiles supporting mobile devices, 

  * bilateral operational agreement between sites supported 
    by provider metadata schema, 

  * Authentication Context schema (provides richer authn context than
    <saml:AuthenticationMethod> identifiers), 

  * introduction protocol (common domain & cookie), 

  * single logout protocol & profiles (completes the SSO picture). 

Having our specs built upon by this group is a solid vote of confidence in the
work we have accomplished here, especially given the breadth of involvement in
Liberty. We should all take pride in this -- as well as the success of the SAML
Interop demo at Catalyst -- both of which demonstrate SAML has "traction" and
is a solid foundation for vendors and deployers to build upon. Thanks to all of
you for all of your hard work over the past 1.5+ years. 


SAML folk should take a close look at the Liberty specs and think about what
portions would make sense to leverage/adopt in the SAML context. Liberty hasn't
yet officially announced the long-term lifecycle of it's specs, and there is
opportunity for providing input (no guarantees on outcome, tho, of course). For
example, the Authentication Context spec is pretty orthogonal and is something
that folks will perhaps be continually adding to -- is there any interest in
taking it on, and having it live in the SSTC or perhaps it's own TC? The SSTC
was, early on, working on session management -- is the Liberty Single Logout
protocol and profiles something that would fit in that draft framework? We
should consider these questions in the general context of thinking about what's
next in the larger sense for the SSTC (e.g. SAML 2.0).  


Some disclosure: 

I am a Liberty contributor and am the editor of the Liberty Architecture
Overview, and Jason Rouault, another SAML participant, is the editor of the
Liberty Bindings and Profiles Spec.

I am quite pleased to finally be able to disclose this, and am looking forward
to doing some "liaising" between SSTC/SAML and Liberty. 

JeffH

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC