Project news

Call for Consent for #SAML V2.0 Metadata Interoperability Profile V1.0 and SAML V2.0 Metadata Extensions for Login and Discovery User Interface V1.0 as OASIS Standards

The Security Services (SAML) TC members [1] have approved submitting the following Candidate OASIS Standard to the OASIS Membership in a call for consent for OASIS Standard:

– SAML V2.0 Metadata Interoperability Profile Version 1.0
Candidate OASIS Standard 01
11 July 2019

– SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0
Candidate OASIS Standard 01
11 July 2019

This Call for Consent is taking place under the TC Process rules [2]. This is a call to the primary or alternate representatives of OASIS Organizational Members to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however, your consent is assumed unless you register an objection [3]. To register an objection, you must:

1. Indicate your objection on this ballot, and

2. Provide a reason for your objection and/or a proposed remedy to the TC.

You may provide the reason in the comment box or by email to the Technical Committee on its comment mailing list or, if you are a member of the TC, to the TC’s mailing list [3]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent.

This Committee Specification was approved by the Technical Committee and was submitted for the required 60-day public review [4]. All requirements of the OASIS TC Process having been met [5][6], the Candidate OASIS Standard is now submitted to the voting representatives of OASIS Organizational Members.

— Details —

The Call for Consent opens at 11 October 2019 00:00 UTC and closes on 24 October 2019 23:59 pm UTC. You can access the ballot at:

Internal link for voting members: https://www.oasis-open.org/apps/org/workgroup/voting/ballot.php?id=3433

Publicly visible link: https://www.oasis-open.org/committees/ballot.php?id=3433

OASIS members should ensure that their organization’s voting representative responds according to the organization’s wishes. If you do not know the name of your organization’s voting representative is, go to the My Account page at

http://www.oasis-open.org/members/user_tools

then click the link for your Company (at the top of the page) and review the list of users for the name designated as “Primary”.

— About the COSs —

SAML, from the Security Services (SAML) TC [1], is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

The Metadata Interoperability Profile v1.0 describes a set of rules for SAML metadata producers and consumers to follow such that federated relationships can be interoperably provisioned, and controlled at runtime in a secure, understandable, and self-contained fashion.

The Metadata Extensions for Login and Discovery User Interface v1.0 define a set of extensions to SAML metadata that provide information necessary for user agents to present effective user interfaces and, in the case of identity provider discovery, recommend appropriate choices to the user.

The TC has received 3 Statements of Use from the Shibboleth Consortium, Internet2, and SUNET [2].

URIs:

The prose specification document and related files are available here:

– SAML V2.0 Metadata Interoperability Profile Version 1.0
Candidate OASIS Standard 01
11 July 2019

Editable source (Authoritative):
https://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop-cos01.odt

HTML:
https://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop-cos01.html

PDF:
https://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop-cos01.pdf

– SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0
Candidate OASIS Standard 01
11 July 2019

Editable source (Authoritative):
https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cos01/sstc-saml-metadata-ui-v1.0-cos01.odt

HTML:
https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cos01/sstc-saml-metadata-ui-v1.0-cos01.html

PDF:
https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cos01/sstc-saml-metadata-ui-v1.0-cos01.pdf

XML schema:
https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cos01/xsd/

Distribution ZIP files:

For your convenience, OASIS provides a complete package of the prose specifications and related files in ZIP distribution files. You can download the ZIP files here:

https://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop-cos01.zip

https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cos01/sstc-saml-metadata-ui-v1.0-cos01.zip

— Additional information —

[1] Security Services (SAML) TC
https://www.oasis-open.org/committees/security/

TC IPR page
https://www.oasis-open.org/committees/security/ipr.php

[2] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OScallForConsent

[3] SAML TC comment mailing list: security-services-comment@lists.oasis-open.org
(You must be subscribed to send to this list. To subscribe, see https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=security.)

SAML TC main mailing list: security-services@lists.oasis-open.org

[4] Candidate OASIS Standard Special Majority Vote:
https://www.oasis-open.org/committees/ballot.php?id=3412

[5] Public reviews:

– 60-day public review, 07 August 2019:
https://lists.oasis-open.org/archives/members/201908/msg00002.html
– Comment resolution logs:
https://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-iop-cos01-comment-resolution-log.txt

https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cos01/sstc-saml-metadata-ui-cos01-comment-resolution-log.txt

– 30-day public review, SAML V2.0 Metadata Interoperability Profile Version 1.0, 26 March 2009:
https://lists.oasis-open.org/archives/members/200903/msg00002.html
– Comment resolution log:
N/A

– 30-day public review, SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0, 14 October 2011:
https://lists.oasis-open.org/archives/members/201110/msg00004.html
– Comment resolution log:
N/A

– 15-day public review, 16 February 2012:
https://lists.oasis-open.org/archives/members/201202/msg00006.html
– Comment resolution log:
N/A

[6] Statements of Use:

– Shibboleth Consortium – https://lists.oasis-open.org/archives/security-services-comment/201903/msg00001.html

– Internet2 – https://lists.oasis-open.org/archives/security-services-comment/201903/msg00005.html

– SUNET (Swedish University Network) – https://lists.oasis-open.org/archives/security-services/201903/msg00007.html