OASIS Members Demonstrate Support for New Web Access Security Standard at SAML Interoperability Event

IBM, Novell, Oblix, Sun Microsystems, and Other Companies Showcase Standard for Exchanging Authentication and Authorization Information on the Internet

San Francisco, California, USA; 15 July 2002 -- The first public demonstration of the OASIS Security Assertion Markup Language (SAML) was held today at the Catalyst Conference in San Francisco. Twelve vendors, including IBM, Novell, Oblix, Sun Microsystems Inc., Baltimore Technologies, CrossLogix, Entegrity Solutions, ePeople, Overxeer, Netegrity, RSA Security, and Sigaba participated in the event, which demonstrated interoperability of SAML 1.0-conformant security software products.

"SAML is an important security interoperability initiative," said James Kobielus, senior analyst at Burton Group. "Most Web access solution vendors have committed resources to the emerging standard and are in the process of implementing SAML 1.0 in the next releases of their products. The OASIS SAML interoperability demonstration proves the standard's viability in practice."

SAML allows authentication and authorization information to be exchanged among disparate Web access management and security products. The OASIS specification addresses the need for secure single sign-on among diverse Web access management environments implemented across various organizations, applications, Web sites and portals. Defining standardized exchanges of identity and access management information, SAML leverages such Web services standards as XML and SOAP.

"Traditionally, security has been implemented within a single enterprise, but companies are now partnering on the Web to expand the scope and range of their e-business transactions. With SAML, application service providers and end-user companies of all sizes can securely exchange information about users, Web services, and authorization information without requiring partners to change their current security solutions," said Hal Lockhart of Entegrity, member of the OASIS Security Services Technical Committee. He added, "SAML is the common language that defines how different systems can communicate data about security."

"This interoperability demonstration is a milestone in the development and recognition of SAML 1.0 as an open standard," said Patrick Gannon, president and CEO of OASIS. "The event is a testimony to how the industry has come together to develop SAML and how quickly vendors are implementing it in their products."

The SAML specification has been completed and approved by the OASIS Security Services Technical Committee and is now under review by the OASIS membership at-large for consideration as an OASIS Standard. SAML is one of several security standards being developed at OASIS. Other specifications include WS-Security for high-level security services, XACML for access control, XCBF for describing biometrics data, SPML for exchanging provisioning information, and XrML for rights management.

Industry Leaders Support SAML

"Access management vendors are rallying around security standards for interoperability across Web services, helping speed the adoption of dynamic e-business applications," said Arvind Krishna, vice president of security products, Tivoli Software, IBM. "IBM is committed to delivering open standards-based security management that leverages emerging Web services standards like SAML."

"Helping businesses securely connect employees, customers, partners and suppliers across organizational boundaries is at the heart of Novell's one Net vision; and SAML offers a very promising means to make that vision a reality," said Winston Bumpus, director of standards for Novell. "As a passionate supporter of many standards development efforts, we're very pleased to see the cooperation of so many industry leaders in OASIS' SAML Interoperability Demonstration. This event is a very important step toward the completion and acceptance of the SAML standard, and its potential to improve and secure online business relationships."

"Oblix has always been a strong advocate of open standards, and we are excited to demonstrate our commitment to SAML," says Nand Mulchandani, Oblix co-founder and chief technology officer. "SAML is another key piece of our comprehensive Federation Services, which facilitates the federation of identity services across corporate boundaries. Our focus continues to be on providing our customers the ability to easily integrate Oblix solutions into their existing environments."

"This is a major step forward for the industry as SAML helps further the evolution of Web services security by enabling heterogeneous interoperability between vender solutions," said Andy Eliopoulos, director of product marketing, network identity, Sun Microsystems, Inc. "Sun is committed to developing and supporting open standards that enable enterprises to more easily and cost-effectively deploy end-to-end identity services across value networks."

About OASIS

OASIS (http://www.oasis-open.org) is a not-for-profit, global consortium that drives the development, convergence and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. OASIS has more than 400 corporate and individual members in 100 countries around the world.

For more information:
Carol Geyer
Director of Communications
OASIS
carol.geyer@oasis-open.org
+1.978.667.5115 x209