I'm sure most folks
saw this, but I don't think it was posted to the list...
http://www.oasis-open.org/news/oasis_news_09_22_03.php
Boston, MA,
USA; 22
September 2003 -- The OASIS standards consortium today announced
that its members have approved the Security Assertion Markup Language (SAML)
version 1.1 as an OASIS Standard, a status that signifies the highest level of
ratification. SAML provides an XML-based framework for exchanging
authentication and authorization information, enabling single sign-on--the
ability to use a variety of Internet resources without having to log in
repeatedly.
"SAML has
gained widespread industry adoption as a basis for federated identity and
security environments," said James Kobielus, senior analyst at Burton Group.
"Clearly, SAML is a living, evolving standard, and OASIS has, with the new
version 1.1, incorporated changes that reflect real-world experience with SAML
version 1.0."
According
to Prateek Mishra of Netegrity, co-chair of the OASIS Security Services
Technical Committee, "Prior to SAML, there was no XML-based standard that
enabled exchange of security information between a security system (such as an
authentication authority) and an application. SAML provides a way to specify
authentication, attribute, and authorization decision statements. It also
specifies a Web services-based request/reply protocol for exchanging these
statements."
"The SAML
1.1 standard introduces important enhancements that improve its
interoperability and utility to other Web services security efforts in the
industry. This can be seen through the adoption of SAML 1.1 as a foundation
for the Liberty Alliance's Identity Federation Framework, the implementation
of SAML 1.1 by the Internet2/MACE Shibboleth project, and the development of a
SAML profile by the OASIS Web Services Security (WSS) Technical Committee for
using SAML with WS-Security," added Rob Philpott of RSA Security, co-chair of
the OASIS Security Services Technical Committee. "The growing participation of
OASIS member companies in SAML's development and our committee's increasing
collaboration with other security-related standards groups demonstrate the
value of OASIS SAML standardization to the industry."
Liberty
Alliance Management Board president, Michael Barrett, also vice president of
Internet Strategy at American Express, commented, "Collaboration between
standards organizations is critical to industry momentum and to ensure new
technologies like single sign-on and Web services succeed. Organizations
looking to benefit from these new technologies need access to proven,
interoperable, and secure standards that they can build on for the next new
technology. Open standards like SAML and Liberty's
specifications have been proven to meet that need."
Members
of the OASIS Security Services Technical Committee include Baltimore
Technologies, BEA Systems, Computer Associates, Entrust, Hewlett-Packard,
Netegrity, Oblix, OpenNetwork, Reactivity, RSA Security, SAP, Sun
Microsystems, Verisign, and other security software vendors, financial
institutions, government agencies, and academia.
Industry Support for SAML
1.1
Baltimore Technologies
"Baltimore
welcomes the completion of SAML 1.1 as an important building-block of the
security services infrastructure that will underpin the emerging service
oriented computing landscape," said Patrick McLaughlin, CTO, Baltimore
Technologies.
BEA
Systems
"SAML 1.1 continues the evolution of this key standard for
interoperable exchange of security information in federated environments,"
said Ed Cobb, Vice President, Architecture and Standards, BEA Systems, Inc
(NASDAQ: BEAS). "We are pleased at the growing industry support
for SAML to secure information access and to enhance user experiences in
service-oriented environments."
Computer
Associates
"Managing the identities of users outside the enterprise has
become as integral to business enablement as managing the identities of
internal users," said Bilhar Mann, director of eTrust identity and access
management solutions at Computer Associates. "The SAML OASIS Standard will
play an instrumental role in enabling identity management beyond the
enterprise. It will also enable users of CA's SAML-compliant, eTrust identity
and access management solutions to more readily apply corporate management and
security policies to systems that touch customers and supply-chain
partners."
Confluent
Software
"The approval of SAML 1.1 as an OASIS Standard is an important
step towards broader adoption of standards-based authentication and
authorization solutions," said Sekhar Sarukkai, Vice President of Technology
& Co-Founder of Confluent Software. "As a Web services management vendor
supporting SAML in many customer engagements, we believe that the several
important extensions in SAML 1.1 will help accelerate the deployment of
secure, standards-compliant Service Oriented Architectures."
DataPower
Technology
"The release of the 1.1 specification is a testament to the
advancement for Web services deployments and the demand for pragmatic,
interoperable solutions for Web services security," said Rich Salz, Chief
Security Architect at DataPower Technology Inc. "The fact that much of SAML
1.1 is based on feedback from the 1.0 user community shows that SAML is being
deployed and is meeting real-world needs. We look forward to increased
adoption and evolution."
Entrust
"As one of the early founding members of
the OASIS Security Services Technical Committee and an ongoing contributor to
SAML's development, we are happy to see its advancement in the industry as a
standard for identity federation," said Tim Moses, Director of Advanced
Security Technology, Entrust, Inc. "We are seeing increasing interest in the
marketplace around SAML and are committed to continuing our support for the
OASIS Standard through Entrust's broad portfolio of security solutions for Web
Portals, Identity Management, and Web Services."
Hitachi
"Hitachi welcomes the
enhancement of the SAML OASIS Standard," said Takao Nakamura, General Manager,
Network Software of Hitachi, Ltd., Software Division. "We believe that SAML
1.1 will be an integral part of a secure Web services environment. We plan on
adopting this standard for our Web services products in the future.
OpenNetwork
"As security technologists and active
participants in OASIS, we are excited that SAML 1.1 has become an OASIS
Standard," said Bob Worner, vice president of product engineering at
OpenNetwork. "We look forward to continued work and standards development and
to delivering these technologies to our customers for more secure and cost
effective identity management across disparate corporate
boundaries."
Netegrity
"We are very pleased with the significant
traction that SAML has received and the enhancements in the 1.1 release of
SAML incorporate what has been learned in those deployments," said Deepak
Taneja, CTO at Netegrity. "Utilizing the SAML support within Netegrity's
identity and access management solutions companies are able to realize the
benefits of flexible federation models."
Reactivity, Inc.
"Reactivity is pleased to support
SAML 1.1 as an OASIS Standard. The Reactivity XML Firewall(tm) incorporates
support for the SAML Token Profile for Web Services to provide out customers
with interoperable authentication credentials for securing XML and Web
Services. SAML 1.1 incorporates feedback from actual production deployments of
SAML, which attests to the strength of the standard in solving real-world
problems and delivering rapid business results," said John Lilly, VP and CTO,
Reactivity, Inc.
RSA
Security
"RSA Security is firmly committed to industry standards that help
our customers to be more productive, enjoy greater interoperability, achieve
new business opportunities, and realize a strong return-on-investment across
their infrastructure," said Jason Lewis, Vice President of Product Management
and Marketing at RSA Security. "We have been involved with SAML from its
inception, contributing core intellectual property and technical expertise to
guide its development, and we are pleased with the progress that is reflected
in version 1.1. We support version 1.1 in the latest release of RSA ClearTrust
software and look forward to helping more of our customers capitalize on
federated identity management."
SAP
"The area of security poses a real concern for
companies assessing their web services strategy," said Sachar Paulus, Director
of Product Security, SAP. "Now that SAML 1.1 has achieved OASIS ratification
as the industry standard for security assertions, e.g., for delegating
authentication and authorization decisions to central, federated Identity and
Access Management solutions, a major aspect of the security architecture of a
Web services-based landscape is addressed. SAP already supports SAML 1.0 with
its current NetWeaver release for Single Sign-On purposes and is committed to
use SAML 1.1 as a cornerstone for achieving the needed security of SAP's
Enterprise Service Architecture."
Sun
Microsystems
"Sun continues to be committed to supporting SAML as it
provides an essential framework for delivering secure, identity-enabled Web
services," said Stephen Pelletier, vice president, Network Identity,
Communication and Portal Products. "SAML is a key part of the Liberty
Alliance's federated identity management initiatives, further demonstrating
its significant value and market adoption. Sun is committed to supporting SAML
version 1.1 in our market-leading, Liberty-enabled Java System Identity Server
early next year."
About
OASIS (http://www.oasis-open.org):
OASIS
(Organization for the Advancement of Structured Information Standards) is a
not-for-profit, global consortium that drives the development, convergence,
and adoption of e-business standards. Members themselves set the OASIS
technical agenda, using a lightweight, open process expressly designed to
promote industry consensus and unite disparate efforts. OASIS produces
worldwide standards for security, Web services, conformance, business
transactions, electronic publishing, topic maps and interoperability within
and between marketplaces. Founded in 1993, OASIS has more than 2,000
participants representing over 600 organizations and individual members in 100
countries.
OASIS
Security Services Technical Committee:
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
Press
contact:
Carol Geyer
Director of Communications
OASIS (www.oasis-open.org)
carol.geyer@oasis-open.org
+1.978.667.5115
x209