Here’s someone — Phil Duba — out in the wide web-developer world who’s picked up the SAML specs, largely figured them out, and is working on integrating it (SAML-based SSO) into sites built with Cold Fusion…
SAML and ColdFusion – Part 1
http://www.philduba.com/index.cfm/2006/12/29/SAML-and-ColdFusion–Part-1SAML and ColdFusion – Part 2
http://www.philduba.com/index.cfm/2007/2/9/SAML-and-ColdFusion–Part-2
Cool Stuff.
The procedings of the 2006 OASIS Adoption Forum (28, 29-Nov-2006, London) are here..
OASIS Adoption Forum
http://www.oasis-open.org/events/adoptionforum2006/proceedings.php
SAML figures prominently in many of the talks. Below, I’ve sorted the talks by whether they are discussing actual SAML implementations and/or deployments, planning to use SAML, or the talk references SAML in context.
The presos, unto themselves, illustrate a large and growing SAML deployment community, apparently amounting to millions of identities in aggregate, in the near future if not now. Of course, they are just illustrating a tip of the iceberg, e.g. the extensive Shib-based community, enterprise deployments, etc are not necessarily reflected here.
Deployments/Implementations Employing SAML…
Keynote Presentation – The NHS, Standards, Security & Identity Management
Mark D. Ferrar
Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution
Maarten Koopmans
The Role of SAML for Identity Management in the Danish Public Sector
Søren Peter Nielsen
Deployments planning to employ SAML…
Case Study: The British Columbia Attorney General implementation of Web Services Security
Toufic Boubez
References to/of SAML…
The Need of SDO Collobaration as an Enabler of SOA in NGN
Abbie Barbir
Towards Trusted Web Services
Kevin Blackman (see slide 28)
Practical Cases of One e-Identity for Different Web-Solutions
Zivko Lazarov
ITU-T Presentation
Georges Sebek
Of course these reference SAML…
XML Security Standards: Overview for the Non-Specialist
Hal Lockhart
Extensible Access Control Markup Language (XACML) Update
Hal Lockhart
[at time of writing this post, the content of the above two .ppt files was reversed relative to their labeling on the web page (and above). i reported the bug, it may be resolved at some point. I’ll update this page if necessary once the proceedings page is fixed.]
I did a cursory analysis of the number of current (as of 4-Oct-2006) IETF Internet-Drafts (I-Ds) that reference or employ SAML, and to what extent they do so. The executive summary of my findings is (click here to skip intro):
SUBSTANTIVE SAML employment: 8 I-Ds Some SAML Incorporation: 10 '' SAML referenced 'in passing': 10 ''
Seems to me this is a non-trivial number and that SAML is acquiring some decent traction there.
My overall analysis write-up is here, it lists the I-Ds my simple grepping turned up, as well as the bits of text where the term SAML occurs.
It turns out the Google has implemented SAML-based single sign-on in their Google Search Appliance gizmo.