San Francisco, Calif. (RSA Security Conference); 11 April 2003 — The Liberty Alliance Project and OASIS today announced that the Liberty Alliance has contributed its version 1.1 federated network identity specifications to OASIS. The OASIS Security Services Technical Committee requested Liberty’s contribution to permit possible incorporation of Liberty version 1.1 specification features in future versions of the OASIS Open Standard Security Assertion Markup Language (SAML).
SAML, an XML-based security framework for authentication and authorization in Web services, serves as a key underpinning to the Liberty Alliance federated network identity architecture. In keeping with Liberty Alliance’s philosophy to leverage existing open standards whenever possible and build new functionality only if needed, the Alliance incorporated SAML into its Phase 1 specifications introduced in 2002.
The Liberty Alliance chose to extend SAML in version 1.1 to include additional security enhancements vital to identity management, such as opt-in account linking, simple session management and global log-out capabilities. For the benefit of SAML and Liberty implementers and the industry as a whole, Liberty Alliance is providing those extensions back to OASIS for future versions of SAML.
"Collaboration between standards groups enables the Web services industry to move forward at a pace that meets the needs of the market," said Patrick Gannon, president and CEO of OASIS. "As SAML evolves, it makes sense to leverage the work Liberty Alliance has already done in this area. Our mutual goal is to decrease time-to-market for new technology, enhance interoperability between products and drive broader adoption of open standards."
"We will continue to work closely with OASIS as the Liberty Alliance federated identity architecture evolves," said Michael Barrett, president of the Liberty Alliance Management Board and vice president for Internet strategy at American Express. "The Alliance will continue to develop Liberty’s Identity Federation Framework within the consortium, and plans to collaborate closely with OASIS on future enhancements."
"OASIS is a highly-regarded industry association and the OASIS Security Services Technical Committee’s interest in incorporating Liberty’s version 1.1 features into future versions of the SAML standard demonstrates the relevance and credibility of Liberty Alliance’s work," said Dan Blum, Senior Vice President and Research Director at the Burton Group. "It also shows the industry’s willingness to work together to solve some of the barriers impeding the growth of web services."
About the Liberty Alliance Project (www.projectliberty.org) The Liberty Alliance Project is a consortium formed to develop open standards for federated network identity management and identity-based services. The Alliance is made up of 160 members, representing a worldwide cross-section of organizations ranging from educational institutions and government organizations, to service providers and financial institutions, to technology firms and wireless providers. Federated identity will help drive the next generation of the Internet, offering businesses and consumers convenience and choice. Membership is open to all commercial and non-commercial organizations.
About OASIS (http://www.oasis-open.org) OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,000 participants representing over 600 organizations and individual members in 100 countries.
OASIS, Director of Communications
Ketchum PR for Liberty Alliance