Token translation using SAML is now quite an established way to allow applications in one security domain to communicate with applications in another security domain, on behalf of a user whole identity does not have to also flow with the data. For more info go to Vordel's government page and then click on "Secure Cross-Domain".
The SAML XML.org web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.
News
News lets the community share announcements, press releases, and recommended news articles relevant to SAML. (Educational materials that are not time-sensitive are listed at Articles and white papers.)
Using Token Translation and SAML to Link Domains
Signify's 2FA Hosted Service Provides Secure Access to SaaS Apps
As the demand for Software as a Service applications continues to grow, two-factor authentication (or "2FA") provider Signify (www.signify.net) has extended its 2FA hosted services to provide secure access to cloud-based applications including Salesforce.com and Google Apps. Two-factor authentication is becoming the de-facto standard for remote access to server-based business applications, yet most SaaS solutions still only provide authentication with static passwords that can be easily compromised, according to Signify's Wednesday announcement.
PortWise 4.8 delivers PortForwarding, Digital Signatures, Extended Cloud Security
PortWise announced a new version of its Identity and Access Management product
suite. The new release is focused on extending application support,
enabling digital signatures and extending cloud security options. Highlights of the new version include:
Extended Cloud Access and SSO – End users need not be concerned from
where applications and services are deployed. PortWise Cloud Access and
SSO enable organizations to integrate cloud computing into their
enterprise network.
Triple-strength protection for Google Apps accounts
TriCipher announced that it has integrated the VeriSign Identity Protection Service to offer secure single sign-on and strong authentication for Google Apps with mobile one-time-password credentials from VeriSign. To promote this capability, TriCipher and VeriSign are offering free strong authentication using VIP mobile OTP credentials to businesses using Google Apps Premier Edition. TriCipher's myOneLogin Secure Single Sign-On service helps protect businesses using Google Apps from the risks of phishing and stolen passwords.
Ping Identity Unveils PingFederate Express
Ping Identity® today announced PingFederate Express™, an Internet Single Sign-On (SSO) “endpoint” solution for Service Providers who need to quickly and cost-effectively establish a SAML connection with a PingFederate Identity Provider. PingFederate Express delivers enterprise-class performance, reliability and security, with no additional hardware, federated identity expertise or ongoing maintenance required.