Where it began

A large part of the new security specification being developed will be based on an earlier project called the Security Services Markup Language (S2ML).

S2ML was designed to provide a framework for sharing security objects on the Internet. It uses a set of two so-called XML schemas (name assertion and entitlement) and an XML-based request/response protocol for two services (authentication and authorization).

Name assertions and entitlements are two concepts central to S2ML: n S2ML name assertions are created as a result of a successful authentication. An identity assertion describes the type of authentication, the authenticator (e.g., a security engine) and the subject authenticated (i.e., a user or an entity). Entitlements are collections of data that carry information describing authentication, authorization and profile.

n Entitlements travel with the user (or entity) across domains throughout the transaction process. An entitlement is issued at a certain time, for a certain length of time, and addresses a specific audience. In S2ML's context, an entitlement is analogous to an authorization token.

Featured

  • Workforce
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    Esper says he didn't seek the authority to gut DOD unions

    Defense Secretary Mark Esper told lawmakers he was waiting for a staff analysis of a recent presidential memo before deciding whether to leverage new authority.

  • CLOUD
    pentagon cloud

    Court orders temporary block on JEDI

    JEDI, the Defense Department’s multi-billion-dollar cloud procurement, is officially on hold, according to a federal court announcement Feb. 13.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.