I'm sure most folks saw this, but I
don't think it was posted to the list...
http://www.oasis-open.org/news/oasis_news_09_22_03.php
Boston,
MA, USA; 22
September 2003 -- The OASIS standards consortium today announced
that its members have approved the Security Assertion Markup Language (SAML)
version 1.1 as an OASIS Standard, a status that signifies the highest level of
ratification. SAML provides an XML-based framework for exchanging
authentication and authorization information, enabling single sign-on--the
ability to use a variety of Internet resources without having to log in
repeatedly.
"SAML
has gained widespread industry adoption as a basis for federated identity and
security environments," said James Kobielus, senior analyst at Burton
Group. "Clearly, SAML is a living, evolving standard, and OASIS has, with
the new version 1.1, incorporated changes that reflect real-world experience
with SAML version 1.0."
According
to Prateek Mishra of Netegrity, co-chair of the OASIS Security Services
Technical Committee, "Prior to SAML, there was no XML-based standard that
enabled exchange of security information between a security system (such as an
authentication authority) and an application. SAML provides a way to specify
authentication, attribute, and authorization decision statements. It also
specifies a Web services-based request/reply protocol for exchanging these
statements."
"The
SAML 1.1 standard introduces important enhancements that improve its
interoperability and utility to other Web services security efforts in the
industry. This can be seen through the adoption of SAML 1.1 as a foundation for
the Liberty Alliance's Identity Federation Framework, the implementation of
SAML 1.1 by the Internet2/MACE Shibboleth project, and the development of a
SAML profile by the OASIS Web Services Security (WSS) Technical Committee for
using SAML with WS-Security," added Rob Philpott of RSA Security, co-chair
of the OASIS Security Services Technical Committee. "The growing participation
of OASIS member companies in SAML's development and our committee's increasing
collaboration with other security-related standards groups demonstrate the
value of OASIS SAML standardization to the industry."
Liberty
Alliance Management Board president, Michael Barrett, also vice president of
Internet Strategy at American Express, commented, "Collaboration between
standards organizations is critical to industry momentum and to ensure new
technologies like single sign-on and Web services succeed. Organizations
looking to benefit from these new technologies need access to proven,
interoperable, and secure standards that they can build on for the next new
technology. Open standards like SAML and Liberty's specifications
have been proven to meet that need."
Members
of the OASIS Security Services Technical Committee include Baltimore
Technologies, BEA Systems, Computer Associates, Entrust, Hewlett-Packard,
Netegrity, Oblix, OpenNetwork, Reactivity, RSA Security, SAP, Sun Microsystems,
Verisign, and other security software vendors, financial institutions,
government agencies, and academia.
Industry Support for SAML 1.1
Baltimore
Technologies
"Baltimore welcomes the completion of SAML 1.1 as an important
building-block of the security services infrastructure that will underpin the
emerging service oriented computing landscape," said Patrick McLaughlin,
CTO, Baltimore Technologies.
BEA
Systems
"SAML 1.1 continues the evolution of this key standard for interoperable
exchange of security information in federated environments," said Ed Cobb,
Vice President, Architecture and Standards, BEA Systems, Inc (NASDAQ: BEAS).
"We are pleased at the growing industry support for SAML to secure
information access and to enhance user experiences in service-oriented
environments."
Computer
Associates
"Managing the identities of users outside the enterprise has become as
integral to business enablement as managing the identities of internal
users," said Bilhar Mann, director of eTrust identity and access
management solutions at Computer Associates. "The SAML OASIS Standard will
play an instrumental role in enabling identity management beyond the
enterprise. It will also enable users of CA's SAML-compliant, eTrust identity
and access management solutions to more readily apply corporate management and
security policies to systems that touch customers and supply-chain
partners."
Confluent
Software
"The approval of SAML 1.1 as an OASIS Standard is an important step
towards broader adoption of standards-based authentication and authorization
solutions," said Sekhar Sarukkai, Vice President of Technology &
Co-Founder of Confluent Software. "As a Web services management vendor
supporting SAML in many customer engagements, we believe that the several
important extensions in SAML 1.1 will help accelerate the deployment of secure,
standards-compliant Service Oriented Architectures."
DataPower
Technology
"The release of the 1.1 specification is a testament to the advancement
for Web services deployments and the demand for pragmatic, interoperable solutions
for Web services security," said Rich Salz, Chief Security Architect at
DataPower Technology Inc. "The fact that much of SAML 1.1 is based on
feedback from the 1.0 user community shows that SAML is being deployed and is
meeting real-world needs. We look forward to increased adoption and
evolution."
Entrust
"As one of the early founding members of the OASIS Security Services
Technical Committee and an ongoing contributor to SAML's development, we are
happy to see its advancement in the industry as a standard for identity
federation," said Tim Moses, Director of Advanced Security Technology,
Entrust, Inc. "We are seeing increasing interest in the marketplace around
SAML and are committed to continuing our support for the OASIS Standard through
Entrust's broad portfolio of security solutions for Web Portals, Identity
Management, and Web Services."
Hitachi
"Hitachi welcomes the enhancement of the SAML OASIS Standard," said
Takao Nakamura, General Manager, Network Software of Hitachi, Ltd., Software
Division. "We believe that SAML 1.1 will be an integral part of a secure
Web services environment. We plan on adopting this standard for our Web
services products in the future.
OpenNetwork
"As security technologists and active participants in OASIS, we are
excited that SAML 1.1 has become an OASIS Standard," said Bob Worner, vice
president of product engineering at OpenNetwork. "We look forward to
continued work and standards development and to delivering these technologies
to our customers for more secure and cost effective identity management across
disparate corporate boundaries."
Netegrity
"We are very pleased with the significant traction that SAML has received
and the enhancements in the 1.1 release of SAML incorporate what has been
learned in those deployments," said Deepak Taneja, CTO at Netegrity.
"Utilizing the SAML support within Netegrity's identity and access
management solutions companies are able to realize the benefits of flexible
federation models."
Reactivity,
Inc.
"Reactivity is pleased to support SAML 1.1 as an OASIS Standard. The
Reactivity XML Firewall(tm) incorporates support for the SAML Token Profile
for Web Services to provide out customers with interoperable authentication
credentials for securing XML and Web Services. SAML 1.1 incorporates feedback
from actual production deployments of SAML, which attests to the strength of
the standard in solving real-world problems and delivering rapid business
results," said John Lilly, VP and CTO, Reactivity, Inc.
RSA
Security
"RSA Security is firmly committed to industry standards that help our
customers to be more productive, enjoy greater interoperability, achieve new
business opportunities, and realize a strong return-on-investment across their
infrastructure," said Jason Lewis, Vice President of Product Management
and Marketing at RSA Security. "We have been involved with SAML from its
inception, contributing core intellectual property and technical expertise to
guide its development, and we are pleased with the progress that is reflected
in version 1.1. We support version 1.1 in the latest release of RSA ClearTrust
software and look forward to helping more of our customers capitalize on
federated identity management."
SAP
"The area of security poses a real concern for companies assessing their web
services strategy," said Sachar Paulus, Director of Product Security, SAP.
"Now that SAML 1.1 has achieved OASIS ratification as the industry
standard for security assertions, e.g., for delegating authentication and
authorization decisions to central, federated Identity and Access Management
solutions, a major aspect of the security architecture of a Web services-based
landscape is addressed. SAP already supports SAML 1.0 with its current
NetWeaver release for Single Sign-On purposes and is committed to use SAML 1.1
as a cornerstone for achieving the needed security of SAP's Enterprise Service
Architecture."
Sun
Microsystems
"Sun continues to be committed to supporting SAML as it provides an
essential framework for delivering secure, identity-enabled Web services,"
said Stephen Pelletier, vice president, Network Identity, Communication and
Portal Products. "SAML is a key part of the Liberty Alliance's federated
identity management initiatives, further demonstrating its significant value
and market adoption. Sun is committed to supporting SAML version 1.1 in our
market-leading, Liberty-enabled Java System Identity Server early next
year."
About
OASIS (http://www.oasis-open.org):
OASIS (Organization for the Advancement of Structured Information Standards) is
a not-for-profit, global consortium that drives the development, convergence,
and adoption of e-business standards. Members themselves set the OASIS
technical agenda, using a lightweight, open process expressly designed to
promote industry consensus and unite disparate efforts. OASIS produces
worldwide standards for security, Web services, conformance, business
transactions, electronic publishing, topic maps and interoperability within and
between marketplaces. Founded in 1993, OASIS has more than 2,000 participants
representing over 600 organizations and individual members in 100 countries.
OASIS
Security Services Technical Committee:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
Press
contact:
Carol Geyer
Director of Communications
OASIS (www.oasis-open.org)
carol.geyer@oasis-open.org
+1.978.667.5115 x209