OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Official SSTC Submission of SAML 2.0 for consideration as an OASIS Standard

Congratulations! I was watching all of the activity yesterday just waiting for the submission to post; I turned off my laptop around 6pm but was happy to see it waiting in my inbox this morning. At this point OASIS staff has until the end of the month to review the submission and make sure everything is in order; at a cursory glance this certainly looks to be the case. On February 1 I'll announce the pre-vote review (assuming no inconsistencies are discovered), with the ballot running from the 16th until the end of the month.
On behalf of the entire OASIS staff thank you Rob and Prateek, and the entire TC, for your hard work and dedication!
Mary P McRae
Manager of TC Administration
cell: 603.557.7985
voip: 603.232.9096

From: Philpott, Robert [mailto:rphilpott@rsasecurity.com]
Sent: Saturday, January 15, 2005 10:27 PM
To: mary.mcrae@oasis-open.org
Cc: prateek mishra; Philpott, Robert; security-services@lists.oasis-open.org
Subject: [security-services] Official SSTC Submission of SAML 2.0 for consideration as an OASIS Standard

(resent with a subject line this time so the Kavi mail list archiver will accept the message – ooops)


Hello Mary,


The SSTC has successfully completed a final public review of the SAML 2.0 specifications and subsequently completed a vote to reaffirm the specifications as SSTC Committee Draft Specifications.  We also completed a vote to submit the specifications to OASIS for consideration of approval as an OASIS Standard.


The current OASIS TC process identifies the following items that must be provided when submitting a TC Committee Draft to OASIS for consideration of adoption as an OASIS Standard. The SSTC is providing the information supplied below to satisfy the TC process in this regard.


Please let Prateek and myself know if there are any questions or whether you require additional information to satisfy this request.


Thank you.


OASIS Security Services Technical Committee Chairs:


Prateek Mishra

Principal identity

p: 617-969-5745

c: 617-872-7737



Rob Philpott

RSA Security Inc.

Tel: 781-515-7115

Mobile: 617-510-0893

RSA Security





  1. A formal specification that is a valid member of its type, together with appropriate documentation for the specification, both of which must be written using approved OASIS templates



            A consolidated zip file with all specifications and schema is publicly available from:





            The 8 individual SAML V2.0 PDF files (with no diff’s) are publicly available at:













            The 7 individual main SAML V2.0 schema files are publicly available at:











            The 2 individual core SAML V2.0 Authentication Context schema files are publicly available at:






            The 24 individual SAML V2.0-defined Authentication Context Class schema files are publicly available at:




























  1. A clear English-language summary of the specification:


            The Security Assertion Markup Language (SAML) defines the syntax and processing semantics of assertions made about a subject by a system entity.  In the course of making, or relying upon such assertions, SAML system entities may use other protocols to communicate either regarding an assertion itself, or the subject of an assertion.


        This specification defines both the structure of SAML assertions, and an associated set of protocols, in addition to the processing rules involved in managing a SAML system. SAML assertions and protocol messages are encoded in XML and use XML namespaces. They are typically embedded in other structures for transport, such as HTTP POST requests or XML-encoded SOAP messages.  The SAML bindings specification provides frameworks for the embedding and transport of SAML protocol messages. The SAML profiles specification provides a baseline set of profiles for the use of SAML assertions and protocols to accomplish specific use cases or achieve interoperability when using SAML features.



  1. A statement regarding the relationship of this specification to similar work of other OASIS TCs or other standards developing organizations:


            To our knowledge, this specification has no relationship to the work of other OASIS TCs or other standards developing organizations.



  1. Certification by at least three OASIS member organizations that they are successfully using the specification consistently with the OASIS IPR Policy:


(a)     Trustgenix attestation of successful use of SAML 2.0:

·         http://lists.oasis-open.org/archives/security-services/200412/msg00014.html


(b)     Entrust attestation of SAML 2.0 implementation:

·         http://lists.oasis-open.org/archives/security-services/200411/msg00042.html


(c)     Sun Microsystems attestation of successful use of SAML V2.0:

·         http://lists.oasis-open.org/archives/security-services/200411/msg00105.html



  1. An account of each of the comments/issues raised during the public review period, along with its resolution:


            Available from http://lists.oasis-open.org/archives/security-services/200501/msg00070.html



  1. An account of and results of the voting to approve the approve the specification as a Committee Draft:


(a)     Vote to affirm approval of the current specification set as a committee draft:

·         34 Yes, 0 No, 0 Abstain (Out of 39). Two-thirds vote required for passage.

·         http://www.oasis-open.org/apps/org/workgroup/security/ballot.php?id=667&

(b)     Vote to submit current specification set to OASIS for standardization.

·         33 Yes, 0 No, 0 Abstain (Out of 39). Simple majority required for passage.

·         http://www.oasis-open.org/apps/org/workgroup/security/ballot.php?id=668&


  1. An account of or pointer to votes and comments received in any earlier attempts to standardize substantially the same specification, together with the originating TC's response to each comment;


            This specification has not previously been submitted to OASIS for standardization.



  1. A pointer to the publicly visible comments archive for the originating TC;




  1. A statement from the chair of the TC certifying that all members of the TC have been provided with a copy of the OASIS IPR Policy:


            Notice published to the list on November 30, 2004:

·         http://lists.oasis-open.org/archives/security-services/200411/msg00131.html


  1. Optionally, a pointer to any minority reports submitted by one or more TC members who did not vote in favor of approving the Committee Draft, or certification by the chair that no minority reports exist.


            No such report exists.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]