SAML 1.0 specification gets a thumbs-up

About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store

NEWS

SAML 1.0 specification gets a thumbs-up

By Brian Fonseca
November 6, 2002 3:00 pm PT

update MEMBERS OF THE OASIS interoperability consortium approved the Security Assertion Markup Language (SAML) on Wednesday as an OASIS open standard. The move paves the way for the XML-based framework to enable secure SSO (single sign-on) and other security functions for Web services transactions spanning multiple hosted sites.

ADVERTISEMENT

<a href="http://ad.doubleclick.net/jump/idg.us.info.news/article;abr=!ie;pos=imu;pkey=security;skey=;paud=;saud=;sz=336x280;tile=2;ord=250222011208?"> <img src="http://ad.doubleclick.net/ad/idg.us.info.news/article;abr=!ie;pos=imu;pkey=security;skey=;paud=;saud=;sz=336x280;tile=2;ord=250222011208?" border="0"> </a>

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

TOP NEWS

IT SOLUTION SEARCH

Earmarked as crucial for federated identity management within Web services by The Liberty Alliance, SAML 1.0 is already on the fast track for implementation among a number of Web access management and Web services security products currently available to customers.

IT vendors credited with the development of SAML include IBM, Hewlett-Packard, BEA Systems, Sun Microsystems, VeriSign, Computer Associates, Netegrity, RSA Security, Baltimore Technologies, Entrust, Oblix, OpenNetwork, Hitachi, and Quadrasis, as well as other members of the OASIS Security Services Technical Committee.

According to OASIS (Organization for the Advancement of Structured Information Standards) officials, SAML promises to let users freely jump from multiple Web sites without repeated manual input of trusted credentials. The specification promotes the exchange of authentication and authorization materials by making use of Web services standards such as XML, SOAP, and TLS (Transport Layer Security), and integrates with HTTP or any Web browser.

However, some security experts expect challenges on the business side of Web services and federated identity will require a great deal more scrutiny than producing SAML-friendly products and environments.

"Before we see a whole lot of federation through SAML ... you have to reexamine business agreements, contracts, and make sure language is right and who's going to accept reliability. How is the trust relationship going to be set up and managed," said Gerry Gebel, an analyst for The Burton Group in Salt Lake City. "There's a little bit of uncertainty in what that's going to entail and what best practices will emerge as a template for people to use."

Brian Fonseca is an InfoWorld staff writer.

SPONSORED WHITE PAPERS

EMC - Lower costs and improve reliability-Get the EMC CLARiiON white paper!
Ciphertrust - Are you ready for Sobig.G? Learn how to protect your email systems.
CDW - Personal attention. CDW. The Right Technology. Right Away.
EMC - Explore key performance features and capabilities of EMC ControlCenter 5.1.1.
Intel - Free Intel white paper shows you how to deploy a secure wireless LAN
Cisco - FREE WHITE PAPER: BLUEPRINT to design and implement secure VPNs
Verity, Inc. - "Mass Consolidation Hits the Web-Search Market"
McDATA - Download a FREE storage consolidation white paper from McDATA(R).
Lucent Technologies - Overcoming Common Firewall Limitations
Lucent Technologies - Leverage Your Mobile High Speed Data Access. Download Free White Paper!
Nokia - Get the scoop! Mobilizing business white papers & case studies.
BMC Software - Maximize the Potential of Enterprise Data: Free white paper!
Network Associates - Free white paper - Strategies for Optimizing Network Costs and Benefits
Entrust - Manage identities across applications. Improve productivity.
Stalker Software - CommuniGate Pro - Transform your Email and Calendaring
Remedy - A NEW Gartner Research Note:Producing Quality IT Services

Search the IDG White Paper Library:

SPONSORED LINKS

INFOWORLD MARKETPLACE

» IT Compliance Conference: Nov. 5-7 in San Diego
Best Practices, Peer Experiences, & Expert Advice for Building a Defensible IT Compliance Program
» FREE Sophos Threat Detection Test
Is your AV catching everything it should? Free virus, spyware and adware scan.
» IT Audit Checklists
Prepare for your next internal IT audit. Checklists cover security, risk management, PCI, and more.
» FREE White Paper: Mitigating Rock Phish Attacks
Standard anti-phishing methods cannot defeat complex Rock Phish attacks. Learn how to fight back...
» Apply BPM and ITIL at your IT Help Desk
ServiceWise brings BPM to complete IT service while eliminating integration cost. Learn more here.

>> BUY A LINK NOW

	HOME NEWS TEST CENTER OPINIONS PRODUCT GUIDE TECHINDEX	About : Advertise : Subscribe : Contact Us : Awards : Events
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy

All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.

Computerworld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO
IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp
ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no