GSA Mandates Liberty Alliance SAML 2.0 Interoperability Testing

U.S. GSA Requires Liberty Alliance Interoperability Testing as Public Sector SAML 2.0 Adoption Soars

Liberty Alliance. October 29, 2007.

Liberty Alliance, the global identity consortium working to build a more trusted Internet for consumers, governments and businesses worldwide, today announced that the E-Authentication Solution program of the U.S. General Services Administration (GSA) now mandates passing Liberty Alliance SAML 2.0 interoperability testing as a prerequisite for participating in the US E-Authentication Identity Federation.

This news comes as governments around the world build and deploy SAML 2.0-based applications to offer millions of citizens secure and privacy-respecting online services and to provide businesses and public sector trading partners with an open, proven interoperable and trusted platform for conducting and managing a wide variety of identity-based transactions.

Countries building and deploying identity-based applications using Liberty Federation, which consists of ID-FF 1.1, 1.2 and SAML 2.0 specifications, include Austria, Australia, France, Finland, Germany, Iceland, Ireland, Italy, Japan, New Zealand, Norway, countries in the Middle East, Portugal, Spain, Sweden, the United Kingdom, and the United States.

These countries are relying on Liberty Federation to better meet business goals and regulatory requirements and to ensure users are provided with the highest levels of security and privacy protection across federations spanning sectors and regional, national and international boundaries. Liberty Alliance maintains a digital map and listing of countries deploying Liberty Federation.

GSA Sets the Pace for Advancing Trusted SAML 2.0 Federations

The decision by the E-Authentication Solution to require Liberty Alliance SAML 2.0 interoperability testing for vendors participating in the US E-Authentication Identity Federation is furthering the deployment of trusted inter-federations among governments and private sector organizations worldwide. Originally launched in 2002 as part of the President's Management Agenda, the E-Authentication Solution assists federal agencies in mitigating the security and privacy risks associated with e-government and helps control government costs associated with authenticating large numbers of end users. E-Authentication Solution's move to have vendors pass Liberty Alliance testing recognizes the important role interoperability plays in advancing the deployment of trusted identity federations. More information about E-Authentication Solution's SAML 2.0 interoperability requirements is available at:

http://www.cio.gov/eauthentication/

"Proven interoperability of vendor products is critical to advancing trusted identity federations quickly and on the widest possible scale," said Tom Kireilis, Acting Program Executive, E-Authentication Solution, GSA. "The E-Authentication Solution is requiring vendors to pass Liberty Alliance SAML 2.0 interoperability testing to help ensure products interoperate from day one and provide immediate and long-term business value to US Government Agencies."

Liberty Interoperable: Ensuring Wide Scale Interoperability

Liberty Alliance is the only global identity organization with a history of testing vendor products for true interoperability of identity specifications. Since launching the Liberty Interoperable program in 2003, nearly 80 identity products and solutions from vendors around the world have passed Liberty Alliance interoperability testing for Liberty Federation, Liberty Web Services and Liberty People Service specifications. Committed to always expanding the program to meet the growing interoperability requirements of deploying organizations worldwide, Liberty Alliance recently selected Drummond Group Inc. to offer a variety of new Internet and full-matrix testing capabilities.

In addition to robust interoperability testing, Liberty Alliance holds public workshops to review vertical specific profile requirements such as those required by the E-Authentication Solution, where all vendors are invited to attend. A list of the products that have passed Liberty Alliance interoperability testing to date is available.

"Today's news reinforces SAML 2.0 as the standard-of-choice for identity-based applications requiring proven interoperability and the highest levels of security and privacy protection," said Roger Sullivan, president of the Liberty Alliance Management Board and vice president of Oracle Identity Management. "SAML.2.0 is providing organizations in every sector with an open, secure and flexible foundation for advancing trusted inter-federations on a global scale."

About Liberty Alliance

Liberty Alliance is the only global identity organization with a membership base that includes technology vendors, consumer service providers and educational and government organizations working together to build a more trusted Internet by addressing the technology, business and privacy aspects of digital identity management. The Liberty Alliance Management Board consists of representatives from AOL, Ericsson, Fidelity Investments, France Telecom, HP, Intel, Novell, NTT, Oracle, and Sun Microsystems. Liberty Alliance works with identity organizations worldwide to ensure all voices are included in the global identity discussion and regularly holds and participates in public events designed to advance the harmonization and interoperability of CardSpace, Liberty Federation (SAML 2.0), Liberty Web Services, OpenID and WS specifications. More information about Liberty Alliance as well as information about how to join many of its public groups and mail lists is available at www.projectliberty.org.

Background on E-Authentication Solution and the US E-Authentication Identity Federation

From the CIO.gov web site:

Originally launched in 2002 as the E-Authentication Initiative and as part of the President's Management Agenda, the E-Authentication Solution assists Federal agencies in meeting two primary goals:

Mitigate the security and privacy risks associated with electronic government by allowing government agencies to develop trust relationships with their respective user communities through the use of electronic identity credentials (e.g., PKI certificates; user IDs/passwords) issued by other agencies and commercial organizations.

Control costs associated with authenticating the identity of a large number of end users by eliminating the need for each agency to create and maintain a separate credentialing system for each of their online applications.

To achieve these two primary goals, the E-Authentication Solution created the US E-Authentication Identity Federation which allows Federation members to recognize and trust log-in IDs that are issued by other trusted Federation members. The trusted members that issue these log-in IDs may be other government agencies, academic institutions, or commercial entities, such as banks or other financial services institutions.

The policy issued by OMB in Memorandum M-04-04 and by the National Institute of Standards and Technology in Special Publication 800-63 (NIST SP 800-63), and industry standards such as the Security Assertion Markup Language (SAML), form the foundation of the Federation. Together these foundational pieces provide agencies a policy-compliant and standards-based framework for authentication and identity services that enable the reuse of identity credentials across government applications. The E-Authentication Solution Program Management Office (PMO) provides agencies with the technical assistance and operational support needed to function successfully within the Federation.

Through the US E-Authentication Identity Federation an American citizen will be able to access government services online using a log-in ID they already have from a Web site they trust, rather than having to create another user ID and password.

[Source]

Prepared by Robin Cover for The XML Cover Pages archive. See also SAML references.

SEARCH Advanced Search ABOUT Site Map CP RSS Channel Contact Us Sponsoring CP About Our Sponsors NEWS Cover Stories Articles & Papers Press Releases CORE STANDARDS XML SGML Schemas XSL/XSLT/XPath XLink XML Query CSS SVG TECHNOLOGY REPORTS XML Applications General Apps Government Apps Academic Apps EVENTS LIBRARY Introductions FAQs Bibliography Technology and Society Semantics Tech Topics Software Related Standards Historic	GSA Mandates Liberty Alliance SAML 2.0 Interoperability Testing U.S. GSA Requires Liberty Alliance Interoperability Testing as Public Sector SAML 2.0 Adoption Soars Liberty Alliance. October 29, 2007. Liberty Alliance, the global identity consortium working to build a more trusted Internet for consumers, governments and businesses worldwide, today announced that the E-Authentication Solution program of the U.S. General Services Administration (GSA) now mandates passing Liberty Alliance SAML 2.0 interoperability testing as a prerequisite for participating in the US E-Authentication Identity Federation. This news comes as governments around the world build and deploy SAML 2.0-based applications to offer millions of citizens secure and privacy-respecting online services and to provide businesses and public sector trading partners with an open, proven interoperable and trusted platform for conducting and managing a wide variety of identity-based transactions. Countries building and deploying identity-based applications using Liberty Federation, which consists of ID-FF 1.1, 1.2 and SAML 2.0 specifications, include Austria, Australia, France, Finland, Germany, Iceland, Ireland, Italy, Japan, New Zealand, Norway, countries in the Middle East, Portugal, Spain, Sweden, the United Kingdom, and the United States. These countries are relying on Liberty Federation to better meet business goals and regulatory requirements and to ensure users are provided with the highest levels of security and privacy protection across federations spanning sectors and regional, national and international boundaries. Liberty Alliance maintains a digital map and listing of countries deploying Liberty Federation. GSA Sets the Pace for Advancing Trusted SAML 2.0 Federations The decision by the E-Authentication Solution to require Liberty Alliance SAML 2.0 interoperability testing for vendors participating in the US E-Authentication Identity Federation is furthering the deployment of trusted inter-federations among governments and private sector organizations worldwide. Originally launched in 2002 as part of the President's Management Agenda, the E-Authentication Solution assists federal agencies in mitigating the security and privacy risks associated with e-government and helps control government costs associated with authenticating large numbers of end users. E-Authentication Solution's move to have vendors pass Liberty Alliance testing recognizes the important role interoperability plays in advancing the deployment of trusted identity federations. More information about E-Authentication Solution's SAML 2.0 interoperability requirements is available at: http://www.cio.gov/eauthentication/ "Proven interoperability of vendor products is critical to advancing trusted identity federations quickly and on the widest possible scale," said Tom Kireilis, Acting Program Executive, E-Authentication Solution, GSA. "The E-Authentication Solution is requiring vendors to pass Liberty Alliance SAML 2.0 interoperability testing to help ensure products interoperate from day one and provide immediate and long-term business value to US Government Agencies." Liberty Interoperable: Ensuring Wide Scale Interoperability Liberty Alliance is the only global identity organization with a history of testing vendor products for true interoperability of identity specifications. Since launching the Liberty Interoperable program in 2003, nearly 80 identity products and solutions from vendors around the world have passed Liberty Alliance interoperability testing for Liberty Federation, Liberty Web Services and Liberty People Service specifications. Committed to always expanding the program to meet the growing interoperability requirements of deploying organizations worldwide, Liberty Alliance recently selected Drummond Group Inc. to offer a variety of new Internet and full-matrix testing capabilities. In addition to robust interoperability testing, Liberty Alliance holds public workshops to review vertical specific profile requirements such as those required by the E-Authentication Solution, where all vendors are invited to attend. A list of the products that have passed Liberty Alliance interoperability testing to date is available. "Today's news reinforces SAML 2.0 as the standard-of-choice for identity-based applications requiring proven interoperability and the highest levels of security and privacy protection," said Roger Sullivan, president of the Liberty Alliance Management Board and vice president of Oracle Identity Management. "SAML.2.0 is providing organizations in every sector with an open, secure and flexible foundation for advancing trusted inter-federations on a global scale." About Liberty Alliance Liberty Alliance is the only global identity organization with a membership base that includes technology vendors, consumer service providers and educational and government organizations working together to build a more trusted Internet by addressing the technology, business and privacy aspects of digital identity management. The Liberty Alliance Management Board consists of representatives from AOL, Ericsson, Fidelity Investments, France Telecom, HP, Intel, Novell, NTT, Oracle, and Sun Microsystems. Liberty Alliance works with identity organizations worldwide to ensure all voices are included in the global identity discussion and regularly holds and participates in public events designed to advance the harmonization and interoperability of CardSpace, Liberty Federation (SAML 2.0), Liberty Web Services, OpenID and WS specifications. More information about Liberty Alliance as well as information about how to join many of its public groups and mail lists is available at www.projectliberty.org. Background on E-Authentication Solution and the US E-Authentication Identity Federation From the CIO.gov web site: Originally launched in 2002 as the E-Authentication Initiative and as part of the President's Management Agenda, the E-Authentication Solution assists Federal agencies in meeting two primary goals: Mitigate the security and privacy risks associated with electronic government by allowing government agencies to develop trust relationships with their respective user communities through the use of electronic identity credentials (e.g., PKI certificates; user IDs/passwords) issued by other agencies and commercial organizations. Control costs associated with authenticating the identity of a large number of end users by eliminating the need for each agency to create and maintain a separate credentialing system for each of their online applications. To achieve these two primary goals, the E-Authentication Solution created the US E-Authentication Identity Federation which allows Federation members to recognize and trust log-in IDs that are issued by other trusted Federation members. The trusted members that issue these log-in IDs may be other government agencies, academic institutions, or commercial entities, such as banks or other financial services institutions. The policy issued by OMB in Memorandum M-04-04 and by the National Institute of Standards and Technology in Special Publication 800-63 (NIST SP 800-63), and industry standards such as the Security Assertion Markup Language (SAML), form the foundation of the Federation. Together these foundational pieces provide agencies a policy-compliant and standards-based framework for authentication and identity services that enable the reuse of identity credentials across government applications. The E-Authentication Solution Program Management Office (PMO) provides agencies with the technical assistance and operational support needed to function successfully within the Federation. Through the US E-Authentication Identity Federation an American citizen will be able to access government services online using a log-in ID they already have from a Web site they trust, rather than having to create another user ID and password. [Source] Prepared by Robin Cover for The XML Cover Pages archive. See also SAML references.