Where it began

A large part of the new security specification being developed will be based on an earlier project called the Security Services Markup Language (S2ML).

S2ML was designed to provide a framework for sharing security objects on the Internet. It defines two XML schemas (name assertion and entitlement) and an XML-based request/response protocol for two services (authentication and authorization).

Name assertions and entitlements are two concepts central to S2ML:

- S2ML name assertions are created as a result of a successful authentication. A name assertion describes the type of authentication, the authenticator (e.g., a security engine) and the subject authenticated (i.e., a user or an entity). Entitlements are collections of data that carry information describing authentication, authorization and profile.

- Entitlements travel with the user (or entity) across domains throughout the transaction process. An entitlement is issued at a certain time, for a certain length of time, and addresses a specific audience. In S2ML's context, an entitlement is analogous to an authorization token.
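As an added illustration of the two concepts above, not code from the article or from the S2ML project: the element and attribute names below are a made-up vocabulary, not the real S2ML schema, and the token is a constructed sample. It shows the checks a receiving domain would make before honouring an entitlement that arrived with the user: trusted issuer and authenticator, matching audience, and a validity window derived from the issue time and lifetime.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed sample in an illustrative vocabulary (NOT the real S2ML schema):
# a name assertion (authentication type, authenticator, subject) wrapped in an
# entitlement that records issue time, lifetime and intended audience.
ISSUED = datetime(2001, 1, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE_ENTITLEMENT = f"""
<Entitlement issuer="login.example.test" issued="{ISSUED.isoformat()}"
             validitySeconds="600" audience="orders.example.test">
  <NameAssertion authType="password" authenticator="login.example.test"
                 subject="alice"/>
  <Authorization resource="/orders" action="read"/>
</Entitlement>
"""

def parse_entitlement(xml_text):
    """Extract the fields a relying party needs from the hypothetical markup."""
    root = ET.fromstring(xml_text)
    issued = datetime.fromisoformat(root.get("issued"))
    assertion = root.find("NameAssertion")
    return {
        "issuer": root.get("issuer"),
        "issued": issued,
        "expires": issued + timedelta(seconds=int(root.get("validitySeconds"))),
        "audience": root.get("audience"),
        "subject": assertion.get("subject"),
        "authenticator": assertion.get("authenticator"),
        "grants": [(a.get("resource"), a.get("action"))
                   for a in root.findall("Authorization")],
    }

def accept_entitlement(xml_text, my_audience, trusted_issuers, now,
                       skew=timedelta(seconds=30)):
    """Receiving-domain checks on a token that travelled with the user.
    Returns (accepted, reason); skew tolerates small clock differences."""
    ent = parse_entitlement(xml_text)
    if ent["issuer"] not in trusted_issuers:
        return False, "untrusted issuer"
    if ent["authenticator"] not in trusted_issuers:
        return False, "untrusted authenticator"
    if ent["audience"] != my_audience:       # token addressed to another domain
        return False, "audience mismatch"
    if now < ent["issued"] - skew:           # issue time still in the future
        return False, "not yet valid"
    if now >= ent["expires"] + skew:         # lifetime elapsed
        return False, "expired"
    return True, "ok"
```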
