OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] SAML Usage Statistics?


I know that BEA support SAML ‘tokens’ (at least from their 8.1 version). I do not know about MSFT servers, but they might be supporting developers through their WSE API.

 

In general, I believe that more and more (application) servers will make this a standard feature they support – probably within the next 6 months. Depending on what software you use, you might get a inherent support for SAML without any further coding/customization.

 

However, I doubt individual implementations by these vendors will seamlessly integrate without causing enough headaches.

 

Thanks,

Seetharama

 

-----Original Message-----
From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Friday, June 04, 2004 11:55 AM
To: Philpott, Robert
Cc: Scott Burkey; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML Usage Statistics?

 

So the toolkit approach seems to put SAML in the application space, what about the middleware space, such as the application server space ? Are BEA or MSFT (or other major vendors) going to include SAML support in the application servers ? I agree in your statement that good but complex technologies have failed in the market space, so maybe you can point out how SAML solves this issue in the application space. Also you may want to differentiate between existing application and new applications.

Anthony Nadalin | work 512.838.0085 | cell 512.289.4122
Inactive hide details for "Philpott, Robert" <rphilpott@rsasecurity.com>"Philpott, Robert" <rphilpott@rsasecurity.com>

"Philpott, Robert" <rphilpott@rsasecurity.com>

06/04/2004 08:26 AM

To


"Scott Burkey" <sab@magner.net>, <saml-dev@lists.oasis-open.org>

cc

Subject


RE: [saml-dev] SAML Usage Statistics?

 


Scott,

I'm not in Atlanta, so I can't take you up on the lunch offer, but I'm
available for a phone chat next week if you'd like.

There are a couple of approaches folks seem to take for deploying SAML.
Some early adopters took the approach of integrating SAML into their
environments using toolkits that are available from several places.
Some folks still take this approach, especially if they need to make use
of generalized SAML queries to solve a unique problem they have. The
number of these types of deployments may be low.

Today, quite a few vendors have COTS implementations for SAML that, at a
minimum, can be used to create SSO solutions across security domains
(e.g. between business partners).  Most of these COTS products are
integrated with other Web Access Management (WAM) and identity
management systems that the vendors sell. Many are customizable to
varying degrees so that you can deploy with applications not protected
by WAM products.  Now that many of the vendors are now on their second
or third revisions of their solutions, my sense is that deployments for
these solutions are becoming much more wide-spread.  You may get some
data to substantiate this by contacting each vendor independently.

The great thing about these solutions is the interoperability.  At this
years RSA Conference, we hosted a public interop event where 12 vendors
demonstrated SAML V1.1 interoperability for SSO using both the
Browser/Artifact Profile and the Browser/POST Profile.

Many good but complex technologies have failed in the market because the
time/$ required to integrate/deploy/manage them have exceeded some pain
threshold.  But I don't see that happening with SAML, especially where
existing identity management and WAM products are directly integrating
SAML under the covers or as an add-on. I foresee continued improvements
in this integration and an emphasis on making the solutions easy to
manage and deploy so as to not cross that pain threshold.

Rob Philpott
Senior Consulting Engineer
RSA Security Inc.
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
mailto:rphilpott@rsasecurity.com

-----Original Message-----
From: Scott Burkey [mailto:sab@magner.net]
Sent: Friday, June 04, 2004 9:02 AM
To: saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML Usage Statistics?

I'm very interested in speaking with somebody (if you're in
Atlanta....I'll spring for lunch at the restaurant of YOUR choice!)
either in person or on the phone about what it would REALLY cost to put
SAML in place in my environment. My company has no real "pain" to
motivate it to spring for the $ for resources to do so, so it would be
something that my team would have to do "on the side". So time/$ would
be a factor. We're good technologists, but spread pretty thin these
days, like most IT groups in a small company. Anyway, just looking for
anyone that I can network with that can share their expriences. Thanks.

Scott Burkey

-----Original Message-----
From: Scott Wiseman [mailto:scott@intercore.net]
Sent: Thursday, June 03, 2004 5:05 PM
To: saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] SAML Usage Statistics?

Talk about how easy it is to intergrate and the lowered costs...stream
line it baby!!!

-----Original Message-----
From: Barton Stanley [mailto:barton-stanley@swbell.net]
Sent: Thursday, June 03, 2004 2:05 PM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] SAML Usage Statistics?

I'm attempting to determine if I can build a fact-based business case
that justifies the adoption of SAML if an organization's business
partners have not yet adopted it.

If an organization's business partners have not adopted SAML then if the
organization does adopt it then it is left with the task of "selling"
SAML to its partners if its investment in SAML is to pay off.

Are there any SAML usage statistics or any other information that might
help me build the business case I describe above?

If this is not the proper forum for my query, I'd appreciate any
pointers to other forums that might be more appropriate.

Thanks,

Barton Stanley

To unsubscribe from this list, send a post to
saml-dev-unsubscribe@lists.oasis-open.org, or visit
http://www.oasis-open.org/mlmanage/. www.avidware.net
www.allaboutsingles.com www.people-services.net www.intercore.net
www.avidware.com




To unsubscribe from this list, send a post to
saml-dev-unsubscribe@lists.oasis-open.org, or visit
http://www.oasis-open.org/mlmanage/.


To unsubscribe from this list, send a post to
saml-dev-unsubscribe@lists.oasis-open.org, or visit
http://www.oasis-open.org/mlmanage/.



To unsubscribe from this list, send a post to saml-dev-unsubscribe@lists.oasis-open.org, or visit http://www.oasis-open.org/mlmanage/.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]