OASIS Ratifies SAML Spec | eWeek

OASIS Ratifies SAML Spec

Verfasst von
Dennis Fisher
Dennis Fisher
Nov 6, 2002
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

The SAML 1.0 specification on Wednesday got a big boost when OASIS (Organization for the Advancement of Structured Information Standards) approved the specification as a standard.

The approval was something of a formality, considering that many security vendors have already added SAML support to their products. SAML (Security Assertion Markup Language) is one of several intertwined standards emerging in the nascent field of Web services security.

It is an XML framework that enables organizations to exchange users authentication and authorization information. It is being used widely in the deployment of Web single-sign-on solutions.

SAML also plays a big role in the Liberty Alliance Projects specification, which describes an architecture for federated identity management.

“Ratification of SAML by OASIS for the first time provides a ubiquitous security context that allows companies to interoperate securely across business units within the firewall and with their customers and partners outside the firewall,” said Don Flinn, chief security architect at Quadrasis, a business unit of Hitachi Computer Products America Inc., Waltham, Mass. “SAML is core to our Quadrasis EASI Security Unifier, a solution to solve enterprise application security integration across the multiple tiers, platforms, and security components of the enterprise. We will continue our efforts to advance the WS-Security and SAML specifications.”

The SAML specification was developed by a broad range of security and application vendors, including Baltimore Technologies plc, RSA Security Inc., Oblix Inc. and IBM. Many of these same companies are also involved in advancing the WS-Security specification in OASIS. WS-Security ensures message integrity and confidentiality and is designed to serve as a base upon which high-level security technologies and standards can be layered.

Throw in Microsoft Corp.s .Net Passport identity management service and you have a rats nest of interrelated specifications, standards and technologies.

While there has been a lot of posturing among the companies involved in the various standards efforts, some executives involved in the process say that in the end, the resulting services will be quite similar.

“At the end of the game, they all boil down to the same single-sign-on, cookie management, HTTP redirect technologies,” Nand Mulchandani, chief technology officer and co-founder of Oblix, based in Cupertino, Calif., said of the Liberty-Passport debate. “Whatever happens, were ready to handle it.”

Oblixs NeoPoint solution already includes SAML support, as do products from RSA, Baltimore, Entrust Inc. and Netegrity Inc. Other vendors, including IBM and Computer Associates International Inc., are incorporating SAML into forthcoming products.

Additional reporting by Darryl Taft

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.