Baltimore Tech first to add SAML

Baltimore Technologies this week will release the first Web access-management software that features an emerging security protocol designed to support interoperable authentication services.

With SelectAccess 5.0, Baltimore is the first vendor to release an implementation of Security Assertion Markup Language (SAML). The company's major competitors, including Netegrity, Oblix, RSA Security and Open Network Technologies, also plan to implement the 1.0 specification before year-end.

The first version of the protocol, which the Organization for the Advancement of Structured Information Standards is scheduled to ratify in June, is an XML framework for exchanging authentication and authorization credentials.

SAML can be used between any network security boundaries. It promises to allow interoperability between disparate Web access-management systems, which are used to control access to corporate networks. That should free IT executives from product lock-ins and cumbersome gateways, advocates say.

"Many enterprises say they want to provide Web single sign-on in a standard way that is vendor neutral, and SAML is important in enabling that to happen," says James Kobielus, an analyst with The Burton Group and a Network World columnist. "All these access management vendors know they need to have their products interoperate, so they are behind SAML."

The major vendors will hold a proof-of-concept test at The Burton Group's annual Catalyst Conference in July.

Kobielus warns that SAML won't realize its potential unless implementations of the specification are consistent across vendors' products. That is not always an easy task, as evidenced by initial troubles to get vendors' implementations of Lightweight Directory Access Protocol (LDAP) to work together.

SelectAccess 5.0 also features a new automatic configuration service for its validation engine and its plug-ins used to tie Web servers into SelectAccess. Configurations are stored in an LDAP-compliant directory and automatically pushed out to new validation engines or plug-ins. The company also has added reporting and alerting capabilities and support for wireless authorization.

SelectAccess 5.0 costs $20 per user for 1,000 users. It runs on Windows 2000 and NT, HP-UX 11, Sun Solaris 2.8, and Red Hat Linux 7.2.