OASIS SAML Interoperability Lab Demonstrates Single Sign-On for GSA E-Gov's E-Authentication Initiative

Computer Associates, DataPower Technology, Entrust, Hewlett-Packard, Oblix, OpenNetwork, RSA Security, Sun Microsystems, and Others Showcase Authentication and Authorization Standard at RSA Conference

San Francisco, CA, USA; 2004 RSA Conference; 25 February 2004 -- Eleven vendors teamed with the U.S. General Service Administration (GSA) E-Gov E-Authentication Initiative to demonstrate interoperability of the Security Assertion Markup Language (SAML), an OASIS Standard for the exchange of authentication and authorization information. For the first time ever, members of the OASIS Security Services Technical Committee demonstrated both types of SAML version 1.1 Single Sign-On, along with additional scenarios that highlight SAML's flexibility.

The OASIS SAML Interoperability Lab, sponsored by GSA, hosted by RSA Security, and co-sponsored by Sun Microsystems, used three separate scenarios to simulate interaction between a government or enterprise portal and sites from typical content or service providers.

The GSA E-Authentication Initiative is committed to delivering open standards-based authentication solutions to U.S. government agencies. Currently, E-Authentication is working with products that are interoperable using the SAML 1.0 protocol. According to Steve Timchak, E-Authentication Program Manager, "Interoperability among products is a key to the federated approach adopted by the E-Authentication Initiative. Additional protocols will emerge and become viable standards in the E-Authentication environment as federated authentication evolves. Sponsoring the SAML 1.1 Interoperability Lab is part of E-Authentication's commitment to this evolution."

"We have validated SAML's strong traction in the marketplace in several reports this year and in work with our client base, estimating it is in use at between 100 and 200 organizations worldwide," said Dan Blum, Senior Vice President and Research Director, Burton Group. "SAML is a proven standard offering implementers opportunities for productivity gains, cost savings, risk transference, or competitive advantage. Additional work on nailing down interoperability will enhance SAML's value to customers, and we are pleased to see 11 vendors participate in the RSA Conference interoperability event."

"SAML 1.1 succeeds in establishing a basis for federated identity, an environment where attention to interoperability is imperative," said Robert Philpott of RSA Security, co-chair of the OASIS Security Services Technical Committee. Philpott, together with fellow co-chair, Prateek Mishra of Netegrity, pointed to SAML adoption by Liberty Alliance, the Internet2/MACE Shibboleth project, and OASIS WS-Security, as signs of widespread implementation in the industry.

Vendors Collaborate on SAML Interoperability

Computer Associates
"As organizations continue to move more business transactions online, the importance of the SAML standard grows exponentially. Computer Associates embraces open standards, and we are fully committed to delivering security management solutions built upon these standards to empower secure federated identity management. New standards such as SAML, Liberty, and SPML allow organizations to securely provision, validate, and pass identity and authorization information, thereby reducing end-user management costs while enhancing the support and deployment of Web services," said Gavenraj Sodhi, product manager for eTrust Security Management solutions at CA.

"Our participation in the OASIS SAML Interoperability Lab showcases our ongoing commitment to the advancement of open standards as well as our support for the US Federal Government E-Authentication initiative," said Chris Voice, vice-president, Secure Identity Management Solutions, Entrust, Inc. "SAML interoperability is key to enabling business and government to extend application architectures and leverage the efficiencies of broad single sign-on in a federated environment."

"Oblix is completely dedicated to interoperability between systems," said Prakash Ramamurthy, vice president of products & technology, Oblix. "Oblix has both endorsed and invested in open standards such as SPML and SAML, and drove the industry's first and most robust deployment using the SAML specification. Customers benefit the most from products that adhere to open standards, and we support that model as the only cost-effective way to connect people, resources and systems."

"This event validates the value of industry standards such as SAML and their importance to achieving better interoperability among disparate platforms and across company borders. We're able to show with more clarity than ever before how an enterprise can extend its reach safely, quickly and cost-effectively without having to abandon its existing infrastructure investments," said Bob Worner, vice president of engineering at OpenNetwork.

RSA Security
"The new business opportunities and cost savings that SAML enables are driving its rapid acceptance as a standard among software vendors and enterprise customers," said Jason Lewis, vice president of product management and marketing at RSA Security. "Having contributed technology to the initial SAML effort and being one of the first to offer a solution that supports the current version, SAML 1.1, RSA Security is pleased to be a part of the value that it is creating."


OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, conformance, business transactions, electronic publishing, topic maps and interoperability within and between marketplaces. Founded in 1993, OASIS has more than 2,500 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

Additional information:

OASIS Security Services Technical Committee

GSA eAuthentication Program

Press contact:
Carol Geyer
Director of Communications
+1.978.667.5115 x209