02/16/2005

Thirteen vendors from around the world teamed with the U.S. General Service Administration (GSA) E-Gov E-Authentication Initiative to demonstrate interoperability of the Security Assertion Markup Language (SAML) 2.0, a security specification developed by the OASIS standards consortium. SAML enables secure exchange of authentication, attribute, and authorization information between disparate security domains, making secure Internet e-business transactions possible.

The OASIS Federated Identity InterOp Lab, co-sponsored by GSA E-Authentication Initiative, Enspier, and RSA Security, demonstrated a combination of web single sign-on, and single logout scenarios.

"SAML 2.0 brings together SAML 1.x, Liberty Alliance and Shibboleth functionality to provide a logical convergence point for new products and deployments in the coming months," said Dan Blum, Senior Vice President and Research Director, Burton Group. "This OASIS InterOp demonstration offers an important proof-of-concept for the new specification."

According to Stephen Timchak, GSA Program Executive, "The E-Authentication Initiative is committed to helping drive the evolution of federated identity management, and that's why we are excited to sponsor the OASIS Federated Identity InterOp on SAML 2.0 at RSA 2005. I believe that the E-Authentication-sponsored SAML 1.1 interoperability event at last year's RSA conference helped speed the evolution of the SAML standard, and we look forward to being enthusiastic adopters SAML 2.0 when it qualifies for inclusion in the E-Authentication architecture."

A release provided comments from the vendors collaborating on SAML Interoperability:

Computer Associates: "CA's active participation in this year's OASIS SAML Interoperability Lab highlights CA's ongoing commitment to supporting federation standards that empower global enterprises to quickly and easily deliver secure business services," said Marc Chanliau, eTrust product manager at Computer Associates. "As one of the co-founders of the SAML specification, CA is delighted to see SAML 2.0's latest enhancements which will enable our diverse customer base to further extend their federation initiatives and realize the full business benefits of standards-based identity management."

DataPower: "Because organizations cannot possibly agree on a single vendor solution for identity, traditional, proprietary SSO is impractical for federated identity across extranets and Web services. By validating complete SAML interoperability of DataPower's XS40 XML Security Gateway, we ensure that our customers are getting an open, standards-based solution for federated identity. For the second year in a row, DataPower is participating in OASIS SAML InterOp at the RSA Conference, an event that has done so much to advance the vision of 'identity as a service,'" said Eugene Kuznetsov, CTO founder of DataPower.

Entrust: "OASIS SAML 2.0 represents convergence within the SAML standard and signals the widespread acceptance and increasing importance of Federated Identity standards for interoperability between partner domains," said Chris Voice, Vice President of Technology at Entrust, Inc. "Our participation in the OASIS Federated Identity InterOp Lab demonstrates our ongoing support of open standards such as SPML, XACML and SAML."

Oracle: "It is evident that Web services are rapidly becoming the cornerstone for integration and B2B transactions. SAML 2.0 will further propagate the use of Web services for federated identity management to securely connect customers, partners and employees with the information they need," said Uppili Srinavasan, senior director, Identity Management and Security Products, at Oracle Corp. "Oracle's participation in this demonstration illustrates our support for the specification and its ability to enable the secure exchange of information among partners."

RSA Security: "By embracing SAML.2.0 - a convergence standard that is a cornerstone in the future of identity federation - the technology industry will enable companies to collaborate efficiently and securely, across business boundaries," said Toffer Winslow, director of product management and marketing at RSA Security. "RSA Security is proud of its role in contributing intellectual property that led to SAML, and in co-authoring the standard. We're delighted to see that a broad range of vendors -- including RSA Security -- are committed to bringing interoperable solutions to market."

Sun Microsystems: "Sun continues to drive identity management and Web services standards both through our participation with organizations, such as OASIS and the Liberty Alliance, as well as providing full support of the latest standards within our products," said Sara Gates, vice president for identity management, Sun Microsystems, Inc. "Sun is proud to have been a supporter of SAML from its inception, and we are pleased to showcase SAML 2.0 interoperability between Sun Java System Access Manager and other vendors products at the RSA Conference."

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. It can be found on the Web at http://www.oasis-open.org