Subject: Requesting SAML 1.1 Committee Specification for consideration as OASIS Standard
As a result of a unanimous vote of the Security Services Technical Committee conducted on Tuesday, 01-July-2003, the TC co-chairs hereby submit the SAML 1.1 specification for consideration as an OASIS Standard. Minutes for this meeting are posted at: http://lists.oasis-open.org/archives/security-services/200307/msg00002.html.
Pursuant to the process stipulated in Section 2 of the OASIS Technical Committee Process, the SSTC has published:
The individual normative documents are available at:
The following non-normative document is also considered part of the submission:
The following additional non-normative documents describe errata and issues dealt with by the SSTC during its work on SAML 1.1.
The Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security information. This security information is expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. A typical example of a subject is a person, identified by his or her email address in a particular Internet DNS domain.
Assertions can convey information about authentication acts performed by subjects, attributes of subjects, and authorization decisions about whether subjects are allowed to access certain resources. Assertions are represented as XML constructs and have a nested structure, whereby a single assertion might contain several different internal statements about authentication, authorization, and attributes. Note that assertions containing authentication statements merely describe acts of authentication that happened previously.
Assertions are issued by SAML authorities, namely, authentication authorities, attribute authorities, and policy decision points. SAML defines a protocol by which clients can request assertions from SAML authorities and get a response from them. This protocol, consisting of XML-based request and response message formats, can be bound to many different underlying communications and transport protocols; SAML currently defines one binding, to SOAP over HTTP.
SAML may be profiled to enable Single Sign-On (SSO), the ability of a user to authenticate in one domain and use resources in other domains without re-authenticating. The SAML specifications define two Web Browser SSO Profiles. However, note that SAML can be profiled to support various non-SSO-specific usage scenarios, such as in authorization systems.
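The nested assertion structure described above (one assertion carrying an authentication statement and an attribute statement about an email-identified subject, with a Conditions validity window) can be seen in a constructed SAML 1.1 assertion. The parser below is an added example, not code from the submission or from the SSTC; the issuer `idp.example.org`, the subject `alice@example.org`, the AssertionID and the `urn:example:attrs` attribute namespace are invented sample values, and a real relying party would additionally verify the XML signature and audience, which this omits.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # namespace URI retained by SAML 1.1
NS = {"saml": SAML_NS}

# Constructed sample (hypothetical issuer and subject): one authentication
# statement and one attribute statement nested inside a single assertion.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="1"
    AssertionID="_sample-0001" Issuer="idp.example.org" IssueInstant="2003-07-01T12:00:00Z">
  <saml:Conditions NotBefore="2003-07-01T12:00:00Z" NotOnOrAfter="2003-07-01T12:05:00Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2003-07-01T11:59:30Z">
    <saml:Subject><saml:NameIdentifier
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="role" AttributeNamespace="urn:example:attrs">
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def parse_instant(value):
    """Parse the UTC xsd:dateTime form used in the sample (trailing Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def summarize_assertion(xml_text):
    """Return issuer, subjects, the statement kinds present, and attribute values."""
    root = ET.fromstring(xml_text)
    cond_tag = f"{{{SAML_NS}}}Conditions"
    return {
        "issuer": root.get("Issuer"),
        "subjects": {n.text for n in root.iterfind(".//saml:Subject/saml:NameIdentifier", NS)},
        "statements": [c.tag.split("}")[1] for c in root if c.tag != cond_tag],
        "attributes": {a.get("AttributeName"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
                       for a in root.iterfind(".//saml:Attribute", NS)},
    }

def conditions_valid(xml_text, now):
    """Evaluate the Conditions window: NotBefore is inclusive, NotOnOrAfter exclusive."""
    cond = ET.fromstring(xml_text).find("saml:Conditions", NS)
    if cond is None:
        return True  # an assertion with no Conditions element carries no validity window
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < parse_instant(not_before):
        return False
    return not (not_on_or_after and now >= parse_instant(not_on_or_after))
```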