The first day of a San Francisco Catalyst Conference organized by the Burton Group is focused upon 'Building Secure Relationships Through Directory and Identity Management'. A SAML Interoperability Event was also held as part of the conference. According to the announcement, the first public demonstration of the OASIS Security Assertion Markup Language (SAML) "was held Monday at the Catalyst Conference in San Francisco. Twelve vendors, including IBM, Novell, Oblix, Sun Microsystems Inc., Baltimore Technologies, CrossLogix, Entegrity Solutions, ePeople, Overxeer, Netegrity, RSA Security, and Sigaba participated in the event, which demonstrated interoperability of SAML 1.0-conformant security software products. SAML allows authentication and authorization information to be exchanged among disparate Web access management and security products. The OASIS specification addresses the need for secure single sign-on among diverse Web access management environments implemented across various organizations, applications, Web sites and portals. Defining standardized exchanges of identity and access management information, SAML leverages such Web services standards as XML and SOAP."

Conference Overview

• Day One - Building Secure Relationships: Directory and Identity Management
• Day Two - Securing the Portal: Policy-based Access Management and Enforcement
• Day Three - Web Services: Myths and Realities

The Burton Group's Catalyst Conference is "an annual, three-day event that focuses on relevant, critical network and applications infrastructure issues. The only conference of its kind, Catalyst brings together vendors, end users and analysts/consultants in a dynamic and intimate forum. This industry-shaping conference is well known for its end-user-driven agenda, intense focus and high-profile speakers. Since the first conference in 1993, Catalyst has reinforced Burton Group's reputation for substance, timeliness, credibility and integrity..."

From the SAML Interop Event announcement:

"SAML is an important security interoperability initiative," said James Kobielus, senior analyst at Burton Group. "Most Web access solution vendors have committed resources to the emerging standard and are in the process of implementing SAML 1.0 in the next releases of their products. The OASIS SAML interoperability demonstration proves the standard's viability in practice."

"Traditionally, security has been implemented within a single enterprise, but companies are now partnering on the Web to expand the scope and range of their e-business transactions. With SAML, application service providers and end-user companies of all sizes can securely exchange information about users, Web services, and authorization information without requiring partners to change their current security solutions," said Hal Lockhart of Entegrity, member of the OASIS Security Services Technical Committee. He added, "SAML is the common language that defines how different systems can communicate data about security."

"This interoperability demonstration is a milestone in the development and recognition of SAML 1.0 as an open standard," said Patrick Gannon, president and CEO of OASIS. "The event is a testimony to how the industry has come together to develop SAML and how quickly vendors are implementing it in their products."

The SAML specification has been completed and approved by the OASIS Security Services Technical Committee and is now under review by the OASIS membership at-large for consideration as an OASIS Standard. SAML is one of several security standards being developed at OASIS. Other specifications include WS-Security for high-level security services, XACML for access control, XCBF for describing biometrics data, SPML for exchanging provisioning information, and XrML for rights management.