The SAML web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Welcome to SAML

This is the official community gathering place and information resource for the SAML OASIS Standard. SAML provides an XML-based framework for creating and exchanging security information between online partners. This is a community-driven site, and the public is encouraged to contribute content.

ZXID Identity Management toolkit implements standalone SAML 2.0 and Liberty ID-WSF 2.0 stacks. It is a C implementation with minimal external dependencies - OpenSSL, CURL, and zlib - ensuring easy deployment (no DLLhell). Due to its small footprint and efficient and accurate schema driven implementation, it is suitable for embedded and high volume applications. Language bindings to all popular highlevel languages such as PHP, Perl, and Java, are provided via SWIG. ZXID implements, as of July 07, SP, WSC, and WSP roles.

Read more

OpenLiberty ID-WSF ClientLib Project Releases Alpha Code

Asa Hardcastle, Technical Lead for the openLiberty ID-WSF ClientLib Project, announced that the ClientLib Alpha is now available online. The ClientLib uses OpenSAML's Java XML Tooling, SOAP, and SAML2 Libraries. The Identity Web Services Framework (ID-WSF) is a set of open specifications for interoperable, secure, identity-enabled Web services.

Read more

Cover Pages: Document Format for Expressing Authorization Policies to Tackle Spam for Internet Telephony

Members of the IETF SIPPING Working Group have published an updated draft defining SPIT authorization documents that use SAML. The problem of SPAM for Internet Telephony (SPIT) is an imminent challenge and only the combination of several techniques can provide a framework for dealing with unwanted communication. The responsibility for filtering or blocking calls can belong to different elements in the call flow and may depend on various factors.

Read more

Liberty Alliance Publishes SAML 2.0 Interoperability Testing Matrix

Liberty Alliance announced that products from Hewlett-Packard, IBM, RSA (The Security Division of EMC), Sun Microsystems, and Symlabs, Inc. have passed Liberty Alliance testing for SAML 2.0 interoperability. SAML Version 2.0 was approved as an OASIS Standard in March 2005. Products and services passing SAML 2.0 interoperability testing included: Hewlett-Packard's HP Select Federation 7.0; IBM's Tivoli Federated Identity Manager, version 6.2; RSA's Federated Identity Manager 4.0; Sun Microsystems' Java System Federated Access Manager 8.0; Symlabs Inc's Federated Identity Suite version 3.3.0.

Read more

(Draft) Technical Comparison: OpenID and SAML

Yesterday, I posted this recent brief article..(Draft) Technical Comparison: OpenID and SAML
..and document..draft-hodges-saml-openid-compare-05.html
..that folks who read these pages may find interesting.

Read more Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I