

Subject: FW: [saml-dev] RE: [security-services] Points to Make to the Press About the Interop (and SAML generally)



-----Original Message-----
From: Don Bowen
To: Mishra, Prateek
Cc: 'Hal Lockhart'; saml-dev@lists.oasis-open.org;
'security-services@lists.oasis-open.org'; 'James Kobielus'
Sent: 6/25/02 10:42 PM
Subject: Re: [saml-dev] RE: [security-services] Points to Make to the Press
About the Interop (and SAML generally)

Not just because I'm from Sun :-), but I think we need to be prepared to
address the following question: "What is the difference between SAML and
Liberty?". Am I the only one? Also, I think "SAML is NOT the Holy Grail"
would be another good heading to address. This wouldn't downplay the
significance, but would seek to make sure that the press didn't think we
were painting this as a solution to world hunger :-) 

Are there any other points in our slide preso that are worthy of
pointing out? I'd like us to "write" as much of their report as we
possibly can. 


Don; 


"Mishra, Prateek" wrote: 


Hal, somewhere we need to work in the narrative we have used in the
interOp document and demonstration. Most press people actually have only
a modest idea what the concept of federation actually means in a
practical way. I will add some slides to the current presentation so as
to illustrate the concept in some detail.

In addition, I think that some of these details also need to be added to
this document, which I presume will actually be handed out to the press.
Is that correct? We have earlier discussed on the list the need for a
"one page" document which will be handed out to the press and the
participants before/after the demo. I assume your outline is a first
step in that direction.

- prateek

-----Original Message----- 
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Tuesday, June 25, 2002 6:15 PM
To: saml-dev@lists.oasis-open.org
Cc: 'security-services@lists.oasis-open.org'; 'James Kobielus'
Subject: [security-services] Points to Make to the Press About the
Interop (and SAML generally)
 
Here is my first cut. These are in no particular order. I suspect
different reporters will find different ones to be more "newsworthy". 

SAML Works 


In spite of the fact that SAML is a brand new specification which has
never been implemented before and for which there is currently no
reference implementation, the 12 participating vendors will be able to
fully interoperate after only a few days of testing. This is due in
large part to the depth of technical expertise in Authorization and
experience with open standards represented by the Security Services TC. 


SAML is Useful 


The distributed, multi-vendor, multi-portal configuration being
demonstrated solves a real-world problem that exists today. Prior to
SAML, Portals provided for public use on the Internet, by Government,
Industry Consortia or by large enterprises for internal or external use
were required to select a single technology provider. Now organizations
participating in a Portal or other Web SSO environment can freely choose
among SAML-compliant products. 


SAML Enables Federated Identity 


The SAML Domain model and specifications permit Authentication and
Identity information to be federated among multiple organizations and
servers. This means that Access Control decisions can be based on a
rich set of information, including multiple Authentication methods, and
a variety of user attributes, including Groups, Roles, Permissions,
Authorization Levels and others. However, there is no need to assemble
this information into a single repository in order to access it. This
means: 1) enhanced user Privacy, because the information is held at its
point of origin and only shared as needed and under the control of the
user 2) greater accuracy, because the information is held by the
organization responsible for updating it and 3) more rapid deployment,
because applications and Authorities can be put online as needed. 


Fine Grained Authorization is Key 


The future of secure applications depends on fine grained Authorization
services, such as those enabled by SAML. As the boundaries between
public and private networks blur and protocols such as those used for
Web Services proliferate, coarse grained access control solutions like
firewalls become less and less effective. Although much attention has
been paid to PKI, smartcards, biometrics and other Authentication
technologies, they represent only one step in the process of protecting
assets and enabling Electronic Commerce. 


SAML Serves Multiple Needs 


The SAML Interoperability Demonstration illustrates how SAML can be
applied to the real-world problem of multi-vendor Web SSO. But this is
not the end of the story. SAML has the flexibility to be applied to a
wide range of Authorization interoperability problems in both existing
and future environments. The SSTC is currently developing a Profile for
the use of SAML in conjunction with Web Services which is consistent
with the WS-Security document, recently published by IBM, Microsoft and
Verisign. SAML is being applied to authorization problems in higher
education and on the Public Internet. While SAML is based on XML Schema,
it is equally suitable for use in legacy environments. SAML is
extensible, but it also provides bindings and profiles specified in
sufficient detail for interoperability. It is expected that a variety
of SAML Profiles will be defined for use in both open and closed
environments. 


Hal



Attachment: don.bowen.vcf
Description: Card for Don Bowen


