OASIS approves single sign-on standard for e-business

The first version of the Security Assertion Markup Language (SAML) has been ratified by the standards group OASIS, giving Web site developers an open standard that will allow users to visit multiple unrelated sites after logging in with a secure single sign-on.

In an announcement Wednesday, the Organization for the Advancement of Structured Information Standards (OASIS), a Boston-based e-business standards group, said its members approved SAML Version 1.0 as an OASIS Open Standard, adding it to a growing number of Web-based standards being created for business.

Last month, OASIS announced the adoption of a new ebXML Messaging Service Specification standard for business communications.

SAML is an XML-based framework for Web services that allows authentication and authorization information to be exchanged among different Web sites or businesses. It includes single sign-on by a user and allows visitors to use sites hosted by multiple companies, making it easier for people to shop online without having to log in individually at each site.

A spokesperson for OASIS could not be reached for comment.

“SAML lets companies implement single sign-on solutions that allow users to visit various Web sites without being repeatedly challenged for credentials,” Joe Pato, who works for Hewlett-Packard Co. and is co-chair of the OASIS Security Services Technical Committee, said in a statement. “In addition, SAML makes it possible to include security information in documents used in business transactions. This is particularly relevant for Web services, where security is critical.”

SAML incorporates industry-standard protocols and messaging frameworks, such as XML Signature, XML Encryption and SOAP. The specification can be integrated in standard environments such as HTTP and standard Web browsers, according to OASIS.

The SAML OASIS Open Standard was developed by a consortium of companies, including Baltimore Technologies PLC, BEA Systems Inc., Computer Associates International Inc., HP, IBM, Sun Microsystems Inc., VeriSign Inc. and other members of the OASIS Security Services Technical Committee.

“Ratification as an OASIS Open Standard means that developers can deploy SAML with confidence,” Karl Best, OASIS director of technical operations, said in a statement.

OASIS is a nonprofit, global consortium that works to create and adopt e-business technology standards.