Subject: [Fwd: SAML spec for consideration as an OASIS Standard]
-------- Original Message --------
Subject: [OASIS members] SAML spec for consideration as an OASIS Standard
Date: Mon, 28 Jul 2003 15:06:13 -0400
From: "Karl F. Best" <karl.best@oasis-open.org>
Reply-To: karl.best@oasis-open.org
Organization: OASIS
To: members@lists.oasis-open.org, tc-announce@lists.oasis-open.org

OASIS members:

The OASIS Security Services TC (SSTC) has submitted the Security Assertion Markup Language specification v1.1, which is an approved Committee Specification, for review and consideration for approval by OASIS members to become an OASIS Standard. The TC's submission is attached below.

In accordance with Section 2 of the OASIS Technical Process, the specification has already gone through a 30 day public review period. OASIS members now have 15 days to familiarize themselves with the submission. On the 16th of August I will send out a Call For Vote to the voting representative of each OASIS member organization, who will have until the end of the month to cast their ballots on whether this Committee Specification should be approved as an OASIS Standard. OASIS members should give their input on this question to the voting reps of their respective organizations.

Members should note that IPR claims related to this specification have been made; please see http://www.oasis-open.org/committees/security/ipr.php

The normative TC Process for approval of Committee Specifications as OASIS Standards is found at http://www.oasis-open.org/committees/process.shtml#approval_standard

-Karl

=================================================================
Karl F. Best
Vice President, OASIS
office +1 978.667.5115 x206 mobile +1 978.761.1648
karl.best@oasis-open.org http://www.oasis-open.org

As a result of a unanimous vote of the Security Services Technical Committee conducted on Tuesday, 01-July-2003, the TC co-chairs hereby submit the SAML 1.1 specification for consideration as an OASIS Standard.
Minutes for this meeting are posted at: http://lists.oasis-open.org/archives/security-services/200307/msg00002.html.

Pursuant to the process stipulated in Section 2 of the OASIS Technical Committee Process, the SSTC has published:

1. "A formal specification that is a valid member of its type, together with appropriate documentation for the specification, both of which must be written using approved OASIS templates."

The SAML 1.1 Specifications are available in a Zip file format from the SSTC Web site at:
http://www.oasis-open.org/committees/download.php/2949/sstc-saml-1.1-cs-03-pdf-xsd.zip

The individual normative documents are available at:
http://www.oasis-open.org/committees/download.php/2946/sstc-saml-core-1.1-cs-03.pdf
http://www.oasis-open.org/committees/download.php/2944/sstc-saml-bindings-1.1-cs-02.pdf
http://www.oasis-open.org/committees/download.php/2945/sstc-saml-conform-1.1-cs-02.pdf
http://www.oasis-open.org/committees/download.php/2947/sstc-saml-glossary-1.1-cs-02.pdf

The following non-normative document is also considered part of the submission:
http://www.oasis-open.org/committees/download.php/2948/sstc-saml-sec-consider-1.1-cs-02.pdf

The following additional non-normative documents describe errata and issues dealt with by the SSTC during its work on SAML 1.1.
http://www.oasis-open.org/committees/download.php/2755/sstc-saml-errata-1.1-draft-14.pdf
http://www.oasis-open.org/committees/download.php/2665/sstc-saml-1.1-issues-draft-01.pdf

2. "A clear English-language summary of the specification".

The Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security information. This security information is expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. A typical example of a subject is a person, identified by his or her email address in a particular Internet DNS domain.
Assertions can convey information about authentication acts performed by subjects, attributes of subjects, and authorization decisions about whether subjects are allowed to access certain resources. Assertions are represented as XML constructs and have a nested structure, whereby a single assertion might contain several different internal statements about authentication, authorization, and attributes. Note that assertions containing authentication statements merely describe acts of authentication that happened previously.

Assertions are issued by SAML authorities, namely, authentication authorities, attribute authorities, and policy decision points. SAML defines a protocol by which clients can request assertions from SAML authorities and get a response from them. This protocol, consisting of XML-based request and response message formats, can be bound to many different underlying communications and transport protocols; SAML currently defines one binding, to SOAP over HTTP.

SAML may be profiled to enable Single Sign-On (SSO), the ability of a user to authenticate in one domain and use resources in other domains without re-authenticating. The SAML specifications define two Web Browser SSO Profiles. However, note that SAML can be profiled to support various non-SSO-specific usage scenarios, such as in authorization systems.

3. "Certification by at least three OASIS member organizations that they are successfully using the specification consistently with the OASIS IPR Policy".

The following OASIS SSTC members have certified to the SSTC Co-Chairs that they are successfully using the SAML 1.1 Committee Specifications consistent with the OASIS IPR Policy:

Baltimore Technologies: http://lists.oasis-open.org/archives/security-services/200307/msg00037.html
RSA Security: http://lists.oasis-open.org/archives/security-services/200307/msg00034.html
Sigaba: http://lists.oasis-open.org/archives/security-services/200307/msg00036.html

4. "An account of or pointer to the comments/issues raised during the public review period, along with their resolution".

The following comments were raised during the SAML 1.1 Public Review:

http://lists.oasis-open.org/archives/security-services/200305/msg00148.html
- This comment was addressed at the 10-June SSTC meeting. See minutes at http://lists.oasis-open.org/archives/security-services/200306/msg00006.html

http://lists.oasis-open.org/archives/security-services/200305/msg00150.html
- This comment was addressed by PE23 in the errata document listed above.

http://lists.oasis-open.org/archives/security-services/200306/msg00018.html
- This comment was addressed during the 1-July SSTC meeting. See minutes at: http://lists.oasis-open.org/archives/security-services/200307/msg00002.html.

5. "An account of or pointer to votes and comments received in any earlier attempts to standardize substantially the same specification, together with the originating TC's response to each comment".

There were no earlier attempts to standardize this specification (though the v1.0 version of SAML was approved as an OASIS Standard in November 2002).

6. "A pointer to the publicly visible comments archive for the originating TC".

The publicly available comments archive for the SSTC is available at: http://lists.oasis-open.org/archives/security-services-comment/

7. "A statement from the chair of the TC certifying that all members of the TC have been provided with a copy of the OASIS IPR Policy".

This statement is available at: http://lists.oasis-open.org/archives/security-services/200307/msg00027.html

Submitted by the SSTC co-chairs,
Prateek Mishra pmishra@netegrity.com,
Rob Philpott rphilpott@rsasecurity.com.

--
=================================================================
Karl F. Best
Vice President, OASIS
office +1 978.667.5115 x206 mobile +1 978.761.1648
karl.best@oasis-open.org http://www.oasis-open.org