The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Welcome to SAML XML.org.

This is the official community gathering place and information resource for the SAML OASIS Standard. SAML provides an XML-based framework for creating and exchanging security information between online partners. This is a community-driven site, and the public is encouraged to contribute content.

TrustBearer PIV Middleware Achieves United States Government Certification

TrustBearer Labs, an authentication and digital identity solutions company, announced today that the TrustBearer Desktop PIV API meets the Federal Information Processing Standards (FIPS) 201 requirements and is approved by US Government GSA for deployment in Homeland Security Presidential Directive 12 (HSPD-12) programs. The certification enables government agencies to purchase TrustBearer Desktop PIV middleware to comply with the FIPS 201 standard as mandated by HSPD-12.


Salestrakr partners with GlobalCrypto

GlobalCrypto today announced it signed a deal to provide bi-directional authentication for Salestrakr. RealMe strong authentication software from GlobalCrypto enables a user to upload a photo of their choice and have that picture embedded with cryptographic information unique to the user and Web site. RealMe then separates the picture and exchanges half of the image between a user and Web site. No login can take place until the user unlocks the encrypted image with their password and the two halves of the encrypted information in the digital image match.


signing and public key question

I'm new to SAML and have a question concerning the signing process.  Forgive me if it seems a little stupid.

What is there to stop a malicious 3rd party from creating private and public keys of their own, then creating a fake assertion, signing it with the private key and including the public key in the x509 certificate inside the SAML response? To the consuming provider, the assertion would appear to come from a trusted identifying provider and be legitimately signed when verified against the enclosed public key.


Open Source Enterprise-Grade ArisID Focus of December 11 OpenLiberty.org Webcast

Event Reviews Benefits of Declarative Identity Systems Using the Open Source Multi-Protocol ArisID

OpenLiberty.org, the global open source community working to provide developers with resources and support for building interoperable identity-enabled services for enterprises and people, today announced the webcast Leveraging the Open Source ArisID to Build Declarative Identity-Enabled Enterprise Applications taking place at 8:00am US PT (5:00PM CET) on Thursday, December 11.


commercial IDP

Hi,

I have evaluated pingIdentity (very good but expensive) and symlabs (good but limited in some senses).

I have scoured the 'Net for other commercial identity providers. I want to install one on the corporate network to enable our intranet users to single sign on to other external websites.

When I started the research I anticipated some kind of hardware box that could be used, but I haven't found anything.
