Showcase for SAML 1.0 Industry Standard
Burton Group's Catalyst Conference to Showcase First Demonstration of SAML 1.0 Industry Standard
OASIS-Sponsored Demo Features Standards-Based Interoperability
Burton Schedules SAML 1.0 TeleBriefing for June 12, 2002
Salt Lake City, UT, USA. June 3, 2002.
Burton Group, a technology-industry pioneer of network research and consulting, will showcase the first public demonstration of standards-based interoperability among SAML 1.0-conformant security software products on July 15  at its annual Catalyst Conference. Sponsored by the Organization for the Advancement of Structured Information Standards (OASIS), the industry standards group that developed the proposed Security Assertion Markup Language (SAML) standard for Web services security, the demonstration will feature products from several network security software vendors.
SAML 1.0 is a proposed OASIS standard for exchanging authentication and authorization information among disparate Web access management and security products. SAML 1.0, which will soon come up for a vote by the full OASIS membership, addresses the need for secure single sign-on (SSO) across diverse Web access management environments implemented across various organizations, applications, Web sites and portals. The proposed standard defines standardized exchanges of identity and access management (IAM) information, leveraging such Web services standards as XML and SOAP.
"SAML is an important security interoperability initiative," said James Kobielus, senior analyst at Burton Group. "Most Web access solution vendors have committed resources to the emerging standard and are in the process of implementing SAML 1.0 in the next releases of their products. OASIS' SAML interoperability demonstration will prove the standard's viability in practice."
"This interoperability demonstration is a milestone in the development and recognition of the SAML 1.0 specification as an open standard," said Prateek Mishra, director of technology at Netegrity, member of the OASIS Security Services Technical Committee (SSTC) and editor of the SAML 1.0 Bindings Specification. "We are pleased with how the industry came together to develop SAML 1.0 and how quickly vendors are implementing the new standard in their products."
The SAML interoperability demonstration will involve several current and future commercial software solutions that support Web SSO, access management and other network security services. As of May 15, 2002, vendors who have indicated their intention to participate in the event are Baltimore Technologies, Crosslogix, Entegrity Solutions, ePeople, Novell, OverXeer, Netegrity, Oblix, RSA Security, Sigaba, Sun Microsystems and Tivoli Systems.
The SAML 1.0 demonstration will feature cross-enterprise SSO across several vendors' Web access management products, which will support consistent vendor implementations of the SAML 1.0 Web Browser profile. In particular, the event will demonstrate the following scenarios:
IAM interoperability: Businesses using different vendors' Web access management products establish trust relationships for the purpose of sharing authentication, attribute and authorization decision information.
Cross-enterprise Web single sign-on: Browsers/users authenticate at "portal" sites and then are able to access Web resources managed under other "content" sites. (The latter sites continue to manage authorization of access to their content. Technically, this will involve bilateral interoperability between different vendors' Web access management platforms with "source" servers operating as portals that provide access to resources at one or more "destination" servers. Users will be able to leverage an assertion produced at their source server over one or more destination servers in the context of a single SSO session.)
Additionally, OASIS SSTC co-founder and participant Hal Lockhart, security architect for Entegrity Solutions, will present a progress report on the SAML 1.0 standard on Tuesday, July 16  at Catalyst Conference. Lockhart will discuss SAML 1.0's status, review the scope and objectives of the previous evening's industry interoperability demonstration, and discuss future directions in the development of the SAML standard.
Information about Catalyst Conference is located at www.burtongroup.com/catalyst.