(resent with a subject line this
time so the Kavi mail list archiver will accept the message –
The SSTC has successfully
completed a final public review of the SAML 2.0 specifications and
subsequently completed a vote to reaffirm the specifications as SSTC Committee
Draft Specifications. We also completed a vote to submit the
specifications to OASIS for consideration of approval as an OASIS
The current OASIS TC process
identifies the following items that must be provided when submitting a TC
Committee Draft to OASIS for consideration of adoption as an OASIS Standard.
The SSTC is providing the information supplied below to satisfy the TC process
in this regard.
Please let Prateek and myself know
if there are any questions or whether you require additional information to
satisfy this request.
OASIS Security Services Technical
RSA Security Inc.
- A formal
specification that is a valid member of its type, together with appropriate
documentation for the specification, both of which must be written using
approved OASIS templates
A consolidated zip file with all specifications and schema is publicly
The 8 individual SAML V2.0 PDF files (with no diff’s) are publicly available
The 7 individual main SAML V2.0 schema files are publicly available
The 2 individual core SAML V2.0 Authentication Context schema files are
publicly available at:
The 24 individual SAML V2.0-defined Authentication Context Class schema files
are publicly available at:
- A clear
English-language summary of the specification:
The Security Assertion Markup Language (SAML) defines the syntax and
processing semantics of assertions made about a subject by a system entity.
In the course of making, or relying upon such assertions, SAML system
entities may use other protocols to communicate either regarding an assertion
itself, or the subject of an assertion.
This specification defines both the structure of SAML assertions, and an
associated set of protocols, in addition to the processing rules involved in
managing a SAML system. SAML assertions and protocol messages are encoded in
XML and use XML namespaces. They are typically embedded in other structures
for transport, such as HTTP POST requests or XML-encoded SOAP messages.
The SAML bindings specification provides frameworks for the embedding
and transport of SAML protocol messages. The SAML profiles specification
provides a baseline set of profiles for the use of SAML assertions and
protocols to accomplish specific use cases or achieve interoperability when
using SAML features.
- A statement
regarding the relationship of this specification to similar work of other
OASIS TCs or other standards developing organizations:
To our knowledge, this specification has no relationship to the work of other
OASIS TCs or other standards developing
- Certification by at
least three OASIS member organizations that they are successfully using the
specification consistently with the OASIS IPR Policy:
Trustgenix attestation of
successful use of SAML 2.0:
Entrust attestation of SAML 2.0
Sun Microsystems attestation of
successful use of SAML V2.0:
- An account of each
of the comments/issues raised during the public review period, along with
Available from http://lists.oasis-open.org/archives/security-services/200501/msg00070.html
- An account of and
results of the voting to approve the approve the specification as a
Vote to affirm approval of the
current specification set as a committee draft:
34 Yes, 0 No, 0 Abstain (Out of
39). Two-thirds vote required for passage.
Vote to submit current
specification set to OASIS for standardization.
33 Yes, 0 No, 0 Abstain (Out of
39). Simple majority required for passage.
- An account of or
pointer to votes and comments received in any earlier attempts to
standardize substantially the same specification, together with the
originating TC's response to each comment;
This specification has not previously been submitted to OASIS for
- A pointer to the
publicly visible comments archive for the originating TC;
- A statement from
the chair of the TC certifying that all members of the TC have been provided
with a copy of the OASIS IPR Policy:
Notice published to the list on November 30,
- Optionally, a
pointer to any minority reports submitted by one or more TC members who did
not vote in favor of approving the Committee Draft, or certification by the
chair that no minority reports exist.
No such report exists.