I often mention Security Assertion Markup Language, or SAML, in this newsletter (28 times in the last 80 or so issues), usually in conjunction with one or another of the various federation protocols such as Liberty Alliance, WS-Federation or Shibboleth. Generally, when some product is announced as "SAML-enabled," it's by an existing identity management vendor.

In a recent article for Network World (link below), my colleague Jim Kobielus, a senior analyst with Burton Group, refers to "SAML-enabled Web access management tools from vendors such as Computer Associates, Entrust, Entegrity, HP, IBM Tivoli, Netegrity, Novell, Oblix, OpenNetwork, RSA Security and Sun." Every single one of those vendors has an identity management practice and most support their own directory service.

So I tend to quickly glance over announcements of new SAML implementations unless they break new ground. One announcement I heard a couple of weeks ago definitely qualifies for more than a glance.

Juniper Networks is usually talked about in the "service provider" section of Network World. It's a major competitor to Cisco for the big router market, with impressive sales to the likes of AOL, the U.S. Department of Defense and Verizon. But it also made some moves this year to dive deeper into the enterprise market, especially with the acquisition of NetScreen Technologies early this year. That followed NetScreen's acquisition of Neoteris late last year. Neoteris first came to our attention a couple of years ago (see "Single Sign-on Outside the Firewall," https://www.nwfusion.com/newsletters/dir/2002/01560827.html) with its Instant Virtual Extranet (IVE). Now those same people are shipping Juniper's SecureAccess line of Secure Sockets Layer (SSL) VPN devices as SAML-enabled.

Why would Juniper want to do this? Its reasoning, as propounded by the marketing folks, is that by using SAML:

"Juniper's SSL VPN gateways are able to communicate with Identity and Access Management (IAM) products, such as those from Oblix, RSA, IBM, and Netegrity, in a standards-based manner. Juniper's SSL VPN devices enable Web Single Sign-On and centrally enforce authorization. Juniper's SSL VPN also eliminates the need for distributed software agents that in the absence of Juniper's SSL VPN are required to perform these tasks. The cost associated with distributing and updating those agents, as well as the required server hardening, substantially adds to the total cost and complexity of IAM products. By removing the need for those agents, Juniper makes existing IAM investments less expensive to maintain and brings IAM solutions within the reach of customers who would choose not to deploy them otherwise (i.e. medium, large enterprises)."

In a nutshell, "the combined Juniper SSL VPN and SAML-enabled IAM product represent a significantly lower total cost of ownership for customers vs. deploying IAM products stand-alone."

I couldn't have said it better myself - Web-based single sign-on, lower cost, higher security. Isn't that really what we're all looking for? You may not need Juniper's SSL VPN products yourself, but I bet you do know someone who could use them. Check https://www.juniper.net/products/ssl/ for the details and send them on to someone who could benefit (such as, for example, your own telecoms department).