OASIS ratifies security markup

Members of the Organization for the Advancement of Structured information Standards (OASIS) have ratified Security Assertion Markup Language (SAML) version 2.0 as an OASIS standard, a move that some observers see as a significant step toward so-called federated networks.

Those networks share already existing repositories of identity information. SAML 2.0 will allow for a single Web-based sign-on for people needing to move information across separate security domains, a necessity for the kind of inter-agency communications being pushed at all levels of government.

SAML 2.0 acts as the "convergence point" for major identity federation initiatives being deployed today such as SAML 1.x varieties, Liberty ID-FF and the Internet2.s Shibboleth effort, said Rob Philpott, senior consulting engineer at RSA Security and co-chairman of the OASIS security services technical committee.

"Some of (SAML 2.0) features fill in important 'gaps' observed in practical deployments (such as) the attribution profiles and metadata specification that simplify agreement between businesses participating in a federation," said Prateek

Mishra, the other committee co-chairman and one of the SAML developers. Other features include encryption, pseudonyms and user content that enable confidentiality and privacy of user information, he said.

Robinson is a freelance journalist based in Portland, Ore. He can be reached at [email protected].

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

  • Workforce
    Avril Haines testifies SSCI Jan. 19, 2021

    Haines looks to restore IC workforce morale

    If confirmed, Avril Haines says that one of her top priorities as the Director of National Intelligence will be "institutional" issues, like renewing public trust in the intelligence community and improving workforce morale.

  • Defense
    laptop cloud concept (Andrey Suslov/Shutterstock.com)

    Telework, BYOD and DEOS

    Telework made the idea of bringing your own device a top priority as the Defense Information Systems Agency begins transitioning to a permanent version of the commercial virtual remote environment.

Stay Connected