
security-services message


Subject: [security-services] Points to Make to the Press About the Interop (and SAML generally)


Here is my first cut. These are in no particular order. I suspect different reporters will find different ones to be more "newsworthy".

SAML Works

In spite of the fact that SAML is a brand new specification which has never been implemented before and for which there is currently no reference implementation, the 12 participating vendors will be able to fully interoperate after only a few days of testing. This is due in large part to the depth of technical expertise in Authorization and experience with open standards represented by the Security Services TC.

SAML is Useful

The distributed, multi-vendor, multi-portal configuration being demonstrated solves a real-world problem that exists today. Prior to SAML, Portals provided for public use on the Internet, by Government, Industry Consortia or by large enterprises for internal or external use were required to select a single technology provider. Now organizations participating in a Portal or other Web SSO environment can freely choose among SAML-compliant products.

SAML Enables Federated Identity

The SAML Domain model and specifications permit Authentication and Identity information to be federated among multiple organizations and servers. This means that Access Control decisions can be based on a rich set of information, including multiple Authentication methods, and a variety of user attributes, including Groups, Roles, Permissions, Authorization Levels and others. However, there is no need to assemble this information into a single repository in order to access it. This means: 1) enhanced user Privacy, because the information is held at its point of origin and only shared as needed and under the control of the user, 2) greater accuracy, because the information is held by the organization responsible for updating it, and 3) more rapid deployment, because applications and Authorities can be put online as needed.

Fine Grained Authorization is Key

The future of secure applications depends on fine grained Authorization services, such as those enabled by SAML. As the boundaries between public and private networks blur and protocols such as those used for Web Services proliferate, coarse grained access control solutions like firewalls become less and less effective. Although much attention has been paid to PKI, smartcards, biometrics and other Authentication technologies, they represent only one step in the process of protecting assets and enabling Electronic Commerce.

SAML Serves Multiple Needs

The SAML Interoperability Demonstration illustrates how SAML can be applied to the real-world problem of multi-vendor Web SSO. But this is not the end of the story. SAML has the flexibility to be applied to a wide range of Authorization interoperability problems in both existing and future environments. The SSTC is currently developing a Profile for the use of SAML in conjunction with Web Services which is consistent with the WS-Security document, recently published by IBM, Microsoft and Verisign. SAML is being applied to authorization problems in higher education and on the Public Internet. While SAML is based on XML Schema, it is equally suitable for use in legacy environments. SAML is extensible, but it also provides bindings and profiles specified in sufficient detail for interoperability. It is expected that a variety of SAML Profiles will be defined for use in both open and closed environments.

