The SAML web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

GCN: GSA signs on with SAML

The government’s push toward E-Authentication and federated identity management has given a boost to the Security Assertion Markup Language, industry analysts say.

Federal program managers say the government’s pioneering interoperability testing program for the E-Authentication Federated Identity and Authentication Initiative has helped drive standard implementations of the protocol in identity management products.

The E-Authentication program, established in 2002, was using SAML 1.0 as the protocol for user authentication when it first went live in 2005. In September the program adopted SAML 2.0, and the General Services Administration announced it was turning interoperability testing over to the Liberty Alliance Project.

That project, a coalition of 160 industry, nonprofit and government organizations including GSA and the Defense Department, sponsors standards development for federated identity management.

E-Authentication Solutions forms part of the administration’s e-government initiative. “The purpose is to provide credentialing services for outward-facing government applications on the Web,” said Tom Kireilis, GSA’s acting program executive.

The E-Authentication program provides Assurance Level 1 and 2 credentials, which can be a user ID and password. Program leaders seek to build a system that would allow users to sign on across many applications using a single set of credentials.

In addition to the domestic program, several other national governments are deploying SAML 2.0-based applications to enable identity- based access. Use of a common standard could allow federated identity access controls across multiple enterprises.

Federated identity management projects are gaining momentum because providing user authentication separately for each of the hundreds of public-facing government applications entails needless costs for the enterprises supporting them and irksome burdens for users who now must maintain multiple IDs and passwords to access different online resources.

Read the complete article by William Jackson in Government Computer News. Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I