If you build it, they will come. That's the hope for the Security Assertion Markup Language (SAML) that it will help boost the adoption of single sign-on.

TSAML offers a structure for carrying out single sign-on authentication. However, Web sites must agree to trust each other's methods for authenticating before SAML can truly be effective.

The way SAML works is that a user logs on to a Web site and is authenticated. If they want to leave that site to access another SAML-enabled site, a sort of handshake is done to check authorization, and they are either allowed or denied permission to head to the next site. All this is done transparent to the user - in other words they don't have to log on to yet another site.

SAML, a form of XML, has three components: authentication, authorization and attribution, according to the Organization for the Advancement of Structured Information Standards (OASIS). Authentication validates the user who is requesting access, authorization shows what the user is able to do; and attribute offers details about the user or computer. These components can be applied to business-to-business transactions and business-to-consumer transactions that involve live users or automated computers.

SAML works in conjunction with the Simple Object Access Protocol, a critical element of Web services, as well as BizTalk and e-business XML. Version 1.0 of the SAML standard was approved in November by OASIS. OASIS is looking to SAML to provide Web-based security interoperability functions that are currently lacking in other Web services standards.

But SAML has a hook. In order for it to be successful, networks of Web sites need to employ similar authorities, attributes and assertions about a user so that handoffs are clearly understood. If that happens, SAML will help propel e-commerce and Internet usage as a whole to a new level.

For more on SAML, including a diagram of how it works, check out Network World's Tech Update at http://www.nwfusion.com/news/tech/2003/0421techupdate.html .

 

Current Article

Motivating You - Network World digs deep into your work, career and free time

Past Articles

Your WAN: What's your next move? What you'll learn at Network World's WAN Technology Tour

Wireless: How far we have come - What to expect at Network World's WLAN Technology Tour

What's new about the New Data Center: How the concept of the New Data Center forces different thinking

2004: What do you need to know? - Your chance to help shape the Network World Technology Tour

What identity management can do for you: The importance of identity management

Mailbag: Who's minding the voice calls? A trick question

Mix 'n match storage: Not all data requires the same storage approach

Key to VoIP success? Training VoIP smarts

Who is responsible for securing voice calls over data lines? - Network and data managers must work together to ensure network integrity

Is your network view cloudy? - Storage: Shoring up your enterprise strategy

Six options for securing wireless LANs: Lessons from Network World's Security Technology Tour

Security and Storage: The perfect pair

Get savvy about SAML: Single sign-on with SAML

Standardizing IT skill sets: Your chance to help shape the standards for IT skill sets (05/14/03)

The art of consolidation: Consolidation is not an admission of defeat (05/07/03)

Reinforcing security: Network World Technology Tour focuses on corporate security (04/30/03)

The Day Two demands of VoIP: Taking voice-over-IP to the next level (04/23/03)

Instant messaging getting its due?: Instant messaging finds a home in the enterprise (04/16/03)

A powerhouse of CEOs in one room : Of Cisco, Linksys and Vortex 2003 (04/09/03)

How to survey your site for WLAN : Getting ready for WLAN in your enterprise (04/02/03)

Fooling spamers : Anti-spam tips from the Center for Democracy & Technology (03/26/03)

IEEE works on wireless access for riders on high-speed vehicles : Introducing IEEE's 802.20 spec (03/19/03)

Where will you spend your security dollars : What's the most important to you in security? (03/12/03)

What are your WLAN concerns?: Join our Wireless LANs Technology Tour (03/05/03)

Voice and video on the security scene: Identification via voice and skin recognition (02/26/03)

Is now the time for service level management?: What came out of the Service Level Management Tour? (02/19/03)

Setting limits: When to say "No" to end-users (02/11/03)

Keeping up with the patches: Resources to help guard against security attacks (02/05/03)

State of the state: Venture capitalists are cautiously optimistic about the future (01/29/03)

Demo: Who says innovation is dead? (01/22/03)

Inside Wireless LANs: Building and managing a well-integrated WLAN network (01/15/03)

Inside service-level management: A look at what Network World’s Technology Tour on SLM will offer (01/07/03)

Shaking the tree: The problems with voting systems (12/17/02)

Videoconferencing: Bring it on (12/11/02)

It’s not just about networks anymore: Extending enterprise applications (12/04/02)

Mailbag 2: Dial-up is (not) history (11/27/02)

Mailbag: Dial-up is dead (11/20/02)

Voting: A lesson in technology (11/13/02)

Dial-up is history: Hurray for wireless LANs (11/06/02)

Dial-up is history (10/30/02)

Inside the LAN (10/23/02)

Your WAN concerns (10/16/02)

Mobile interaction (10/09/02)

The Wireless World (10/02/02)

The State of IT Spending (09/25/02)

Let's talk VoIP (09/18/02)

Distance learning not all about distance (09/11/02)

What's the state of your WAN? (09/04/02)

Paperless society falls by the wayside (08/28/02)

Educating tomorrow's IT managers (08/21/02)

Educating tomorrow's IT managers (08/14/02)

Your work concerns (08/07/02)

All about You (07/10/02)

A tale of woe from the front line (07/10/02)

Your commitment to yourself (07/03/02)

Mailbag: Who should foot the training bill? (06/19/02)

Security: A tough nut to crack (06/12/02)

Training is up to you (06/05/02)

How valuable is training?(05/30/02)

Data prioritization: Not as easy as you think (05/22/02)

Keeping up with security (05/15/02)

Storage: The crux of business continuity (05/09/02)

IT training on the rise for 2003, NetSmart, 05/03/02

The allure of 3G, NetSmart, 04/24/02

RFPs: Get your money's worth, NetSmart, 04/10/02

Cisco exams tests real-world skills, NetSmart, 04/03/02

Wireless: The key to enterprise application integration?, NetSmart, 03/27/02

Are you ready for voice over IP?, NetSmart, 03/20/02

The value of communication, NetSmart, 03/13/02

Your thoughts on training and technology, NetSmart, 03/06/02

More vacation time or more certifications?, NetSmart, 02/27/02

Live demos: Could you do them?, NetSmart, 02/20/02

Take our learning "test" to help us help you, NetSmart, 02/13/02

Screaming for streaming media, NetSmart, 02/06/02

Mailbag: Ways to learn on a shoestring, NetSmart, 01/30/02

HIPAA's ripple effect, NetSmart, 01/23/02

Ways to learn on a shoestring, NetSmart, 01/16/02

Spring 2002 tour schedule, NetSmart, 01/09/02

Several ideas for finding internship opportunities, NetSmart, 12/21/01

How to get the best out of trade shows, NetSmart, 12/19/01

Internships make a comeback, NetSmart, 12/12/01

The longevity of skills, NetSmart, 12/05/01

The State of the LAN/MAN tour is underway, NetSmart, 11/28/01

State of the LAN/MAN seminars and resources, NetSmart, 11/16/01

Got Certification?, NetSmart, 11/14/01

Your thoughts on certifications, NetSmart, 11/07/01

Resources to help you decide if XP is right for you, NetSmart, 10/31/01

The benefits of short-term certifications, NetSmart, 10/24/01

A list of storage resources on the web, NetSmart, 10/15/01

Reviewing IT Budgets, NetSmart, 10/09/01

Local-based training options, NetSmart, 10/02/01

Disaster recovery, Part 2, NetSmart, 09/27/01

Help for disaster recovery planning, NetSmart, 09/20/01

The power of public speaking, NetSmart, 09/17/01

Tips for getting to know your colleagues, NetSmart, 08/21/01

Places to talk about tech online, NetSmart, 08/14/01

The fall lineup, NetSmart, 08/07/01

Salary survey shows certification boosts your pay, NetSmart, 07/31/01

Ease your concerns with training, NetSmart, 07/24/01

Summer vacation: A great training opportunity?, NetSmart, 07/19/01

Train the trainer, NetSmart, 07/10/01

The manager's role in training, NetSmart, 07/02/01

Project management is your best friend, NetSmart, 06/27/01

Tracking one network manager's journey to CCIE, NetSmart, 06/21/01

Practice makes perfect, NetSmart, 06/14/01

Training in two's, NetSmart, 06/07/01

Training isn't just about education, NetSmart, 05/30/01

Boot camps boost you network skills, NetSmart, 05/23/01

The many benefits of on-Site training, NetSmart, 05/16/01

Back to basics, NetSmart, 05/02/01