OASIS ratifies security markup

SAML 2.0 will allow for a single Web-based sign-on for people needing to move information across separate security domains.

Members of the Organization for the Advancement of Structured Information Standards (OASIS) have ratified Security Assertion Markup Language (SAML) version 2.0 as an OASIS standard, a move that some observers see as a significant step toward so-called federated networks.

Those networks share already existing repositories of identity information. SAML 2.0 will allow for a single Web-based sign-on for people needing to move information across separate security domains, a necessity for the kind of inter-agency communications being pushed at all levels of government.

SAML 2.0 acts as the "convergence point" for major identity federation initiatives being deployed today, such as SAML 1.x varieties, Liberty ID-FF and the Internet2's Shibboleth effort, said Rob Philpott, senior consulting engineer at RSA Security and co-chairman of the OASIS security services technical committee.

"Some of (SAML 2.0) features fill in important 'gaps' observed in practical deployments (such as) the attribution profiles and metadata specification that simplify agreement between businesses participating in a federation," said Prateek Mishra, the other committee co-chairman and one of the SAML developers. Other features include encryption, pseudonyms and user content that enable confidentiality and privacy of user information, he said.

Robinson is a freelance journalist based in Portland, Ore. He can be reached at brian@hullite.com.
