OASIS ratifies security markup

Members of the Organization for the Advancement of Structured information Standards (OASIS) have ratified Security Assertion Markup Language (SAML) version 2.0 as an OASIS standard, a move that some observers see as a significant step toward so-called federated networks.

Those networks share already existing repositories of identity information. SAML 2.0 will allow for a single Web-based sign-on for people needing to move information across separate security domains, a necessity for the kind of inter-agency communications being pushed at all levels of government.

SAML 2.0 acts as the "convergence point" for major identity federation initiatives being deployed today such as SAML 1.x varieties, Liberty ID-FF and the Internet2.s Shibboleth effort, said Rob Philpott, senior consulting engineer at RSA Security and co-chairman of the OASIS security services technical committee.

"Some of (SAML 2.0) features fill in important 'gaps' observed in practical deployments (such as) the attribution profiles and metadata specification that simplify agreement between businesses participating in a federation," said Prateek

Mishra, the other committee co-chairman and one of the SAML developers. Other features include encryption, pseudonyms and user content that enable confidentiality and privacy of user information, he said.

Robinson is a freelance journalist based in Portland, Ore. He can be reached at [email protected].

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected