OASIS ratifies security markup

Members of the Organization for the Advancement of Structured information Standards (OASIS) have ratified Security Assertion Markup Language (SAML) version 2.0 as an OASIS standard, a move that some observers see as a significant step toward so-called federated networks.

Those networks share already existing repositories of identity information. SAML 2.0 will allow for a single Web-based sign-on for people needing to move information across separate security domains, a necessity for the kind of inter-agency communications being pushed at all levels of government.

SAML 2.0 acts as the "convergence point" for major identity federation initiatives being deployed today such as SAML 1.x varieties, Liberty ID-FF and the Internet2.s Shibboleth effort, said Rob Philpott, senior consulting engineer at RSA Security and co-chairman of the OASIS security services technical committee.

"Some of (SAML 2.0) features fill in important 'gaps' observed in practical deployments (such as) the attribution profiles and metadata specification that simplify agreement between businesses participating in a federation," said Prateek

Mishra, the other committee co-chairman and one of the SAML developers. Other features include encryption, pseudonyms and user content that enable confidentiality and privacy of user information, he said.

Robinson is a freelance journalist based in Portland, Ore. He can be reached at brian@hullite.com.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.