Authentication and authorization :: Authorization policy representation and management :: Confidentiality :: Digital Identity :: Identity provisioning :: Integrity and non-repudiation :: Managing Trust :: Service-Oriented Architecture :: Web Services :: XML


SAML Made Simple!

By David Ingersoll, SAP Network Blogs. The J2EE implementation in SAP NetWeaver offers several more enhanced authentication mechanisms beyond those available to the ABAP environment. Among these include the Security Assertion Markup Language (SAML). SAML is an industry standard XML method for exchanging authentication and authorization data between security domains. If we use the example of SAP NetWeaver, the J2EE represents one security domain and an external authentication tool (3rd party VPN, LDAP, AD, etc.) represents another. SAML bridges the security and authentication gap between these disparate system landscapes. SAP NetWeaver 2004 and 2004s fully support SAML 1.0 and 1.1. While SAML 2.0 provides many more enhancements, it is not currently supported by SAP, although it should be in future support packs and releases of NetWeaver.
- SAML -

A Comprehensive Identity Management Ecosystem and Reference Architecture

To address customer demand for access management capabilities that extend beyond traditional Web-based applications, Oracle has announced the Oracle Extended Identity Management Ecosystem and Reference Architecture. Furthering its support for customers with heterogeneous IT environments, Oracle has teamed with global Independent Software Vendors (ISVs) to deliver a comprehensive blueprint for enterprise security capabilities that span strong authentication, network, legacy and physical access applications. Oracle Identity Management’s support of industry standards such as WS*, XACML, SAML and SPML enable customers and partners to more easily integrate applications with the framework.
- Digital Identity - SAML -

Sun says it will not seek licenses for use of SAML patents

Sun issues 'SAML Non-Assertion Covenant'. "What I thought was the most interesting vendor announcement to come out of last week's Catalyst Conference didn't even rate a press release and wasn't being "demoed" in a hospitality suite. Instead, Sun submitted a document to OASIS and quietly told people (i.e., whispered in their ear) about it." Identity Management Newsletter
- SAML -

OASIS Makes SAML 2.0 Official

OASIS approved version 2.0 of the Security Assertion Markup Language (SAML) (define) as a standard, providing guidelines for developers to create single sign-on applications that work across disparate locations on the Internet
- SAML -


Eve Maler: The elevator pitch might be that SAML is the universal solvent of security and identity information.
- Authentication and authorization - SAML -

Liberty Alliance Releases Enhanced Framework For Identity-Based Web Services

The Liberty Alliance announced the second-generation version of WSF 2.0, a framework for identity-based Web services. The framework now supports SAML 2.0 and defines how SAML 2.0 can be used to communicate identity information among identity-based Web services.
- Digital Identity - SAML -

OASIS Security Services TC

The Security Services TC is working to advance the Security Assertion Markup Language (SAML) as an OASIS standard.
- Authentication and authorization - SAML -