The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Welcome to SAML XML.org.

This is the official community gathering place and information resource for the SAML OASIS Standard. SAML provides an XML-based framework for creating and exchanging security information between online partners. This is a community-driven site, and the public is encouraged to contribute content.

Federated Identity Through the Eyes of the Deployer

As a deployer, you manage a software application accessed daily by thousands of employees or millions of consumers. For every one of them you manage an account record, check credentials, control access to sensitive data or functions, and personalize the application's interface and behavior. For every one of them you go to a lot of trouble and expense to get identity, privacy, and security correct, not just because of the potential upside in user satisfaction and enterprise efficiency, but also because of the potential downside in business-threatening breaches.

Microsoft: Identity bus is end game for successful identity systems

The end game for corporate identity architectures is an "identity bus" that off-the-shelf applications can plug into in order to authenticate users and provide access control, according to Microsoft. Stuart Kwan, director of program management for identity and access for Microsoft, used his keynote address at NetPro's Directory Access Conference (DEC) to say that work building identity platforms is far from over and to explore where it might end.

Microsoft's directory team forced to reconsider ignored standards

Recent proclamations by Microsoft CEO Steve Ballmer that the company would move toward interoperability and support for standards are putting pressure on the head of the company's directory and identity development to reconsider support for industry standards, such as Security Assertion Markup Language, that have been long ignored. Joe Long, general manager of the connected identity and directory at Microsoft, said during a panel discussion at NetPro's Directory Experts Conference that Microsoft was being forced to re-examine if it would support SAML, the Service Provisioning Markup La

Holder-of-Key Web Browser SSO Profile

"As part of my work for the National Institute of Informatics and the UPKI initiative, I've been working on a modified Web Browser SSO profile for SAML 2.0 that uses holder-of-key confirmation for the client rather than bearer authentication. The keys for this confirmation are supplied through TLS using client certificates. This results in a more secure sign-on process and, particularly, a more secure resulting session at the SP. There is no need for the SP to do PKI validation or know anything about the client certificate itself.

Beta Release: ID-WSF 2.0 Web Services Client Library

Asa Hardcastle, OpenLiberty Technical Lead, has announced the beta release of the ID-WSF 2.0 Client Library ("ClientLib") that will help developers more easily build and deploy a wide range of new relying party (identity-consuming) applications. ClientLib uses OpenSAML's Java XML Tooling, SOAP, and SAML2 Libraries.
