The SAML XML.org web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Welcome to SAML XML.org.

This is the official community gathering place and information resource for the SAML OASIS Standard. SAML provides an XML-based framework for creating and exchanging security information between online partners. This is a community-driven site, and the public is encouraged to contribute content.

OASIS seeks comments on draft charter for Cross-Enterprise Security and Privacy Authorization TC

OASIS members have published a draft charter for a proposed "Cross-Enterprise Security and Privacy Authorization (XSPA) Technical Committee" healthcare enterprises. The XSPA profile would provide a mechanism to exchange privacy policies, consent directives and authorizations in an interoperable manner. The need for an XSPA profile has been identified by the security and privacy working group of the Healthcare Information Technology Standards Panel (HITSP).

Read more

Call for Participation: ACM Workshop on Secure WS

Organizers of the 2008 ACM Workshop on Secure Web Services (SWS) have issued a call for participation in the workshop, to be held 31 October 2008 in Fairfax, VA, USA in conjunction with the Fifteenth ACM Conference on Computer and Communications Security (CCS-15). The SWS workshop will explore basic security protocols for Web Services, such as XML Security, the WS-* series of proposals, SAML, and XACML. The workshop will provide a forum for presenting research results, practical experiences, and innovative ideas in web services security.

Read more

Microsoft New Zealand, Datacom and States Services Commission collaborate on Digital Identity Project

The State Services Commission has completed a four-month project with the Microsoft Innovation Centre and Datacom, aimed at integrating its new ‘ Shared Services’ element of the Government’s Authentication Programme with Microsoft’s Windows Cardspace. This project was one of the first in the world to attempt to integrate Windows Cardspace with the SAML standard.

Read the full article at Geekzone .

Read more

UK Access Management Federation reports rapid growth

The UK Access Management Federation has reported rapid growth as the deadline approaches for the further education (FE) and higher education (HE) sectors and the publishing industry to decide on future access to learning materials. Education institutions and publishers have until July 31st to join the Federation. Joining the Federation offers members the option to transition to new open standard access management systems that are SAML compliant, such as Shibboleth.

Read the full article at Response Report .

Read more

SAML, JAAS, & Role-Based Access Control

Web service clients can be implemented as JavaServer Pages, servlets, or Java applications, or as executables written in C++, Perl, Visual Basic, JavaScript. A truly ubiquitous protocol. In this article, I use a Java application as a Web service client and show how to secure that client from an authentication and authorization standpoint via Role-based Access Control (RBAC). Basically, role-based authorization is achieved by using:

Read more

XML.org Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | XML.org | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I