As a deployer, you manage a software application accessed daily by thousands of employees or millions of consumers. For every one of them you manage an account record, check credentials, control access to sensitive data or functions, and personalize the application's interface and behavior. For every one of them you go to a lot of trouble and expense to get identity, privacy, and security correct, not just because of the potential upside in user satisfaction and enterprise efficiency, but also because of the potential downside in business-threatening breaches.
Welcome to SAML XML.org.
This is the official community gathering place and information resource for the SAML OASIS Standard. SAML provides an XML-based framework for creating and exchanging security information between online partners. This is a community-driven site, and the public is encouraged to contribute content.
The end game for corporate identity architectures is an "identity bus" that off-the-shelf applications can plug into in order to authenticate users and provide access control, according to Microsoft. Stuart Kwan, director of program management for identity and access for Microsoft, used his keynote address at NetPro's Directory Access Conference (DEC) to say that work building identity platforms is far from over and to explore where it might end.
Recent proclamations by Microsoft CEO Steve Ballmer that the company would move toward interoperability and support for standards are putting pressure on the head of the company's directory and identity development to reconsider support for industry standards, such as Security Assertion Markup Language, that have long been ignored. Joe Long, general manager of the connected identity and directory at Microsoft, said during a panel discussion at NetPro's Directory Experts Conference that Microsoft was being forced to re-examine if it would support SAML, the Service Provisioning Markup La
"As part of my work for the National Institute of Informatics and the UPKI initiative, I've been working on a modified Web Browser SSO profile for SAML 2.0 that uses holder-of-key confirmation for the client rather than bearer authentication. The keys for this confirmation are supplied through TLS using client certificates. This results in a more secure sign-on process and, particularly, a more secure resulting session at the SP. There is no need for the SP to do PKI validation or know anything about the client certificate itself.
Asa Hardcastle, OpenLiberty Technical Lead, has announced the beta release of the ID-WSF 2.0 Client Library ("ClientLib") that will help developers more easily build and deploy a wide range of new relying party (identity-consuming) applications. ClientLib uses OpenSAML's Java XML Tooling, SOAP, and SAML2 Libraries.