December 13th, 2006

The proceedings of the 2006 OASIS Adoption Forum (28, 29-Nov-2006, London) are here:

OASIS Adoption Forum
http://www.oasis-open.org/events/adoptionforum2006/proceedings.php

SAML figures prominently in many of the talks. Below, I’ve sorted the talks by whether they discuss actual SAML implementations and/or deployments, plan to use SAML, or reference SAML in context.

The presos, unto themselves, illustrate a large and growing SAML deployment community, apparently amounting to millions of identities in aggregate, in the near future if not now. Of course, they illustrate just the tip of the iceberg, e.g. the extensive Shib-based community, enterprise deployments, etc. are not necessarily reflected here.

Deployments/Implementations Employing SAML…

Keynote Presentation – The NHS, Standards, Security & Identity Management
Mark D. Ferrar

Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution
Maarten Koopmans

The Identity and Authorization Management in e-Government System: Requirements and Implementation Methods
Chuan Liu

The Role of SAML for Identity Management in the Danish Public Sector
Søren Peter Nielsen

GUIDE Project for a Consistent Approach to Identity Management Across the EU and Its Use of SAML and Liberty Alliance
Keiron Salt

XML, Web Services and SOA: Data Protection and Privacy Opportunities and Challenges in the Government Sector
Rich Salz

Deployments planning to employ SAML…

Case Study: The British Columbia Attorney General implementation of Web Services Security
Toufic Boubez

References to/of SAML…

The Need of SDO Collaboration as an Enabler of SOA in NGN
Abbie Barbir

Towards Trusted Web Services
Kevin Blackman (see slide 28)

Practical Cases of One e-Identity for Different Web-Solutions
Zivko Lazarov

ITU-T Presentation
Georges Sebek

Of course these reference SAML…

XML Security Standards: Overview for the Non-Specialist
Hal Lockhart

Extensible Access Control Markup Language (XACML) Update
Hal Lockhart

[At the time of writing this post, the content of the above two .ppt files was reversed relative to their labeling on the web page (and above). I reported the bug; it may be resolved at some point. I’ll update this page if necessary once the proceedings page is fixed.]


December 11th, 2006

Eve Maler wrote, in her post about the Un-Talent Show at IIW2006b last Tue evening 5-Dec-2006

UPDATE: … about the gong. I’m not sure exactly what possessed JeffH to bring it with him, but he’s local and he’s a drummer, so QED, I guess! Kaliya used it throughout the IIW event to signal session transitions and such.

Well, some people bring cameras, ipods, whatever to meetings/conferences. I bring various wacky things from time-to-time. I suppose bringing one of my gongs is “friendlier” than bringing my sword, though some would argue the sword could be whacked on tables or whathaveyou to signal session transitions…

[Photo: JeffH with sword, in office.]


November 7th, 2006

..here..

SAMLv2 Glossary HTML version

..Thanks to some intrepid HTML hacking by John Kemp, each defined term now has its own relative URI anchor. Hopefully, having this glossary online will help clarify the various identity-related discussions ongoing in various ad-hoc fora.

Of course, since the SAMLv2 spec set was produced using OpenOffice, it was rather simple to create a reasonable HTML version from the spec source.


November 1st, 2006

So Pat Patterson has pulled a nice rabbit outta his hat and concocted a SAMLv2 Relying Party Implementation in PHP! I’m going to have to play with this one…

Switching on the Lightbulb

Q&A on the OpenSSO SAML 2.0 PHP work


October 26th, 2006

Scott and I have updated the SAML-LSSO (Lightweight Web Browser Single-SignOn) profile and SimpleSign binding specs. Together they specify a lightweight SAML profile whose “security knob” can be dialed from completely “Off” to “On” (to various degrees) at implementation and/or deployment time. And if security is “On”, then the SimpleSign technique can be used, and/or the XMLdsig-based technique. The difference between the SimpleSign binding and the original SAMLv2 HTTP POST binding is rather small, and SimpleSign doesn’t obviate any aspects of the other binding, thus present implementations can be easily enhanced to support both bindings with minimal fuss.

Thus we feel one can easily, with SAML, provide the spectrum of simple-no-security-to-simple-but-with-security “Single Sign-On” functionality that various parties are currently running around attempting to reinvent.

The specs are here…

SAMLv2 Lightweight Web Browser SSO Profile

SAMLv2: HTTP POST “SimpleSign” Binding

JeffH sez check ’em out.


October 11th, 2006

I did a cursory analysis of the number of current (as of 4-Oct-2006) IETF Internet-Drafts (I-Ds) that reference or employ SAML, and to what extent they do so. The executive summary of my findings is:

SUBSTANTIVE SAML employment:    8 I-Ds
Some SAML incorporation:       10 I-Ds
SAML referenced 'in passing':  10 I-Ds

Seems to me this is a non-trivial number and that SAML is acquiring some decent traction there.

My overall analysis write-up is here; it lists the I-Ds my simple grepping turned up, as well as the bits of text where the term SAML occurs.


October 5th, 2006

So there’s this bit of software called Gizmo that’s pretty cool, available from GizmoProject.com. It’s a SIP (Session Initiation Protocol) -based “softphone” widget, err.. gizmo, that allows one to make voice calls on the Internet, like VoIP, duh.

Anyway, obvious to anyone who’s paid a lick of attention the past few years, this competes with Skype. Since the Skype folk got a head start in this here land-grab internet property era we’re in, seems many of my colleagues have a Skype account, but not many have a Gizmo one. So I’m posting this here to encourage folks to give Gizmo a try. Of course it offers all the features of Skype, and more (much larger concall size is one obvious feature bennie). And it is open-standards-based, as compared to Skype, which is so ridiculously proprietary they even went to enormous lengths to obfuscate their executable code, apparently in order to try to stymie reverse-engineering (as I’d written about previously). So anyway, since I favor open-standards-based systems, and work in designing them (e.g. LDAP, SAML, ID-WSF, and now the SIP world), I wish more folks would try Gizmo.

The only substantial complaint I’ve heard wrt Gizmo is that it can only register with Gizmo’s own SIP proxy server farms. Well, with the relatively recent version 2.x, this is remedied, and a Gizmo client can register with both the Gizmo proxies and with any generic (and typically free, in the economic sense) SIP proxy you wish, e.g. iptel.org, freeworlddialup.com, your own open-source Asterisk SIP server at home, or your company’s SIP server.

JeffH sez check it out.

ps: Of course, I’m also very supportive of open source SIP clients — I just haven’t had the time to check them out yet. There are some, though, so take a looksee here, or google for ’em. I’ll have to try some of them out and write about them. There’s also so-called “SIP hardphones” — I just got a SNOM 320 on my desk, and am exploring it. So far it’s pretty cool — although I can’t easily haul it around with me.


October 4th, 2006

It’s been a long haul, but it’s finally out the door..

Liberty Alliance Releases Final Version of ID-WSF 2.0 Web Services Standards (a comprehensive press release)

The specs themselves are here, and a very useful diagram illustrating the various high-level entity relationships in a deployment is here. If you mouse-over the boxes in the latter diagram, you’ll get a pop-up definition for that box’s role in the abstract deployment architecture, taken from the glossary (plus a link to the glossary). I’m tickled by this because I’m the glossary’s editor, and it seems that glossaries are often overlooked. But in any case, I edited or contributed to many of the specs, so am glad it’s finally out.

So, this was a pretty dry post, like most of mine seem to be. Maybe someday I’ll figure out how to get some humor in here. But in the meantime, there’s folks who manage humor just fine. See Paul Madsen’s post wrt ID-WSFv2.0, for example 🙂

A whole passel of folks contributed to getting this release done and out. Those of us who wrote chunks of specs got our names on the specs, which is nice, but there’s a non-trivial chunk of that passel who did yeoman’s work helping this stuff get done, many of whom work for IEEE-ISTO, and I thank them for their contributions.


October 4th, 2006

Scott Cantor and I have updated the SAML HTTP POST-SimpleSign binding, which I’d posted about earlier in September.

The revised spec is here: draft-hodges-saml-binding-simplesign-02.pdf.

We enhanced section “1.2.4 Message Encoding and Conveyance” to allow for conveyance of a signed (via XMLdsig) SAML message via this binding. The primary implication of this change is that the only material difference between this binding and the “stock” HTTP POST binding in saml-bindings-2.0-os is inclusion of HTTP POST-SimpleSign’s particular sign-the-BLOB signature. We hope that this leads to greater code-reuse and ease for implementors.
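To make the sign-the-BLOB idea concrete (this post and the SAML-LSSO/SimpleSign post of 26-Oct above), here is an added example that is not code from the SimpleSign draft or any SAML toolkit. It assumes the input-string layout of the later OASIS HTTP POST-SimpleSign binding (the base64 SAML message, RelayState if present, and the SigAlg URI joined as form fields without URL-encoding) and pins RSA-SHA256 as the one algorithm the relying party accepts; the SAML Response content is a constructed stand-in, since SimpleSign never parses the XML.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Algorithm URI carried in the SigAlg form field; the RP pins this one value.
const sigAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

// signedInput builds the octets SimpleSign signs (assumed layout, see lead-in):
// base64 SAML message, RelayState only when present, then SigAlg, un-URL-encoded.
func signedInput(samlB64, relayState string) []byte {
	s := "SAMLResponse=" + samlB64
	if relayState != "" {
		s += "&RelayState=" + relayState
	}
	return []byte(s + "&SigAlg=" + sigAlg)
}

// Sign is the identity-provider side: returns the base64 "Signature" form field.
func Sign(key *rsa.PrivateKey, samlB64, relayState string) (string, error) {
	d := sha256.Sum256(signedInput(samlB64, relayState))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// Verify is the relying-party side: it rebuilds the octets from the form fields
// it actually received, so a changed message or RelayState fails verification.
func Verify(pub *rsa.PublicKey, samlB64, relayState, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return false
	}
	d := sha256.Sum256(signedInput(samlB64, relayState))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := base64.StdEncoding.EncodeToString([]byte(`<samlp:Response ID="_c1"/>`)) // constructed
	sig, _ := Sign(key, msg, "/app/home")
	fmt.Println("valid:", Verify(&key.PublicKey, msg, "/app/home", sig))
	fmt.Println("tampered RelayState accepted:", Verify(&key.PublicKey, msg, "/other", sig))
}
```

Because RelayState is inside the signed octets, the RP gets integrity on the relay target for free, which the plain HTTP POST binding does not give it.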

We’re thinking we’re getting pretty close to being “done” with this particular spec.

Also, I need to update the SAMLv2 Lightweight Web Browser SSO Profile Internet-Draft (draft-hodges-saml-lsso-00.txt) to reference this new rev of the HTTP POST-SimpleSign binding.


September 8th, 2006

Scott Cantor and I have revised the SAML HTTP POST-NoXMLdsig binding, which I’d posted about a while back.

We’ve renamed the binding to: “HTTP POST-SimpleSign”

The revised spec is here: draft-hodges-saml-binding-simplesign-01.pdf.

Note that the new “SimpleSign” spec obsoletes the old “NoXMLdsig” one.

There are also various other relatively minor (some subtle-but-important) changes and fixes, such as:

  • Clarified that conveyed assertions may be signed.
  • Added optional conveyance of KeyInfo from XMLdsig in order to supply a hint wrt keying material to the recipient.
  • Clarified composability with other SAML HTTP-based bindings.
  • Revamped illustration.
  • etc.

We’re thinking we’re getting pretty close to being “done” with this particular spec.

FYI, an example SAML profile utilizing this binding is..

SAMLv2 Lightweight Web Browser SSO Profile
draft-hodges-saml-lsso-00.txt
