Project news

(ANN) SAML V2.0 Kerberos Web Browser SSO Profile V1.0 Committee Specification published

OASIS Members,

We are pleased to announce the approval and publication of an OASIS Committee Specification (CS) by the members of the OASIS Security Services (SAML) TC:

SAML V2.0 Kerberos Web Browser SSO Profile Version 1.0
Committee Specification 01
07 February 2012

Overview:
The SAML V2.0 Kerberos Web Browser SSO Profile allows for transport of assertions using the Kerberos subject confirmation method by standard HTTP user agents with no modification of client software and maximum compatibility with existing deployments. The flow is similar to standard Web Browser SSO, but a Kerberos AP-REQ message is presented by the user agent via the HTTP Negotiate authentication scheme and the Kerberos GSS-API mechanism. The presentation of a valid Kerberos AP-REQ message whose client principal name matches the principal name given in the subject confirmation strengthens the assurance of the resulting authentication context and protects against credential theft.

URIs:
The prose specification document and related files are available here:

Editable Source (Authoritative):
http://docs.oasis-open.org/security/saml/Post2.0/saml-kerberos-browser-sso/v1.0/cs01/saml-kerberos-browser-sso-v1.0-cs01.odt

HTML:
http://docs.oasis-open.org/security/saml/Post2.0/saml-kerberos-browser-sso/v1.0/cs01/saml-kerberos-browser-sso-v1.0-cs01.html

PDF:
http://docs.oasis-open.org/security/saml/Post2.0/saml-kerberos-browser-sso/v1.0/cs01/saml-kerberos-browser-sso-v1.0-cs01.pdf

XML schema:
http://docs.oasis-open.org/security/saml/Post2.0/saml-kerberos-browser-sso/v1.0/cs01/xsd/

Distribution ZIP files
For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

http://docs.oasis-open.org/security/saml/Post2.0/saml-kerberos-browser-sso/v1.0/cs01/saml-kerberos-browser-sso-v1.0-cs01.zip

Members of the OASIS Security Services (SAML) TC [1] requested a Special Majority Vote to approve this specification as a Committee Specification. The specification had been released for public review as required by the TC Process [2]. The vote to approve at Committee Specification (CS) level passed [3], and the approved Committee Specification 01 is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone.

========== Additional references:

[1] OASIS Security Services (SAML) TC
http://www.oasis-open.org/committees/security/

[2] Public reviews
15-day public review, 04 December 2011: http://lists.oasis-open.org/archives/tc-announce/201112/msg00000.html
60-day public review, 16 April 2010: http://lists.oasis-open.org/archives/tc-announce/201004/msg00005.html

[3] CS ballot
http://www.oasis-open.org/committees/ballot.php?id=2174

The work of OASIS is supported by organizations from around the world. Members include:

View all our members