(resent with a subject line this time so the Kavi mail list
archiver will accept the message – ooops)
The SSTC has successfully completed a final public review of
the SAML 2.0 specifications and subsequently completed a vote to reaffirm the
specifications as SSTC Committee Draft Specifications. We also completed
a vote to submit the specifications to OASIS for consideration of approval as
an OASIS Standard.
The current OASIS TC process identifies the following items
that must be provided when submitting a TC Committee Draft to OASIS for
consideration of adoption as an OASIS Standard. The SSTC is providing the
information supplied below to satisfy the TC process in this regard.
Please let Prateek and myself know if there are any
questions or whether you require additional information to satisfy this
OASIS Security Services Technical Committee Chairs:
RSA Security Inc.
- A formal specification that is
a valid member of its type, together with appropriate documentation for
the specification, both of which must be written using approved OASIS
A consolidated zip file with all specifications and schema is publicly
The 8 individual SAML V2.0 PDF files (with no diff’s) are publicly
The 7 individual main SAML V2.0 schema files are publicly available at:
The 2 individual core SAML V2.0 Authentication Context schema files are
publicly available at:
The 24 individual SAML V2.0-defined Authentication Context Class schema files
are publicly available at:
- A clear English-language
summary of the specification:
The Security Assertion Markup Language (SAML) defines the syntax and processing
semantics of assertions made about a subject by a system entity. In the
course of making, or relying upon such assertions, SAML system entities may use
other protocols to communicate either regarding an assertion itself, or the
subject of an assertion.
specification defines both the structure of SAML assertions, and an associated
set of protocols, in addition to the processing rules involved in managing a
SAML system. SAML assertions and protocol messages are encoded in XML and use
XML namespaces. They are typically embedded in other structures for transport,
such as HTTP POST requests or XML-encoded SOAP messages. The SAML
bindings specification provides frameworks for the embedding and transport of
SAML protocol messages. The SAML profiles specification provides a baseline set
of profiles for the use of SAML assertions and protocols to accomplish specific
use cases or achieve interoperability when using SAML features.
- A statement regarding the
relationship of this specification to similar work of other OASIS TCs or
other standards developing organizations:
To our knowledge, this specification has no relationship to the work of other
OASIS TCs or other standards developing organizations.
- Certification by at least three
OASIS member organizations that they are successfully using the
specification consistently with the OASIS IPR Policy:
attestation of successful use of SAML 2.0:
attestation of SAML 2.0 implementation:
Microsystems attestation of successful use of SAML V2.0:
- An account of each of the
comments/issues raised during the public review period, along with its
Available from http://lists.oasis-open.org/archives/security-services/200501/msg00070.html
- An account of and results of
the voting to approve the approve the specification as a Committee Draft:
(a) Vote to
affirm approval of the current specification set as a committee draft:
34 Yes, 0 No, 0 Abstain (Out of 39).
Two-thirds vote required for passage.
(b) Vote to
submit current specification set to OASIS for standardization.
33 Yes, 0 No, 0 Abstain (Out of 39).
Simple majority required for passage.
- An account of or pointer to
votes and comments received in any earlier attempts to standardize
substantially the same specification, together with the originating TC's
response to each comment;
This specification has not previously been submitted to OASIS for
- A pointer to the publicly
visible comments archive for the originating TC;
- A statement from the chair of
the TC certifying that all members of the TC have been provided with a
copy of the OASIS IPR Policy:
Notice published to the list on November 30, 2004:
- Optionally, a pointer to any
minority reports submitted by one or more TC members who did not vote in
favor of approving the Committee Draft, or certification by the chair that
no minority reports exist.
No such report exists.