Thursday, July 19, 2007

E-Authentication has revised architecture to incorporate SAML V2.0


The E-Authentication Federation Newsletter for July brings the happy news: "New Architecture Approved: SAML 2.0 is Ready for Business."

The architecture has been revised to incorporate SAML V2.0 and adds an additional adopted scheme and interface specification. It sounds like the existing interfaces (and schemes) will be kept, but if the architecture has truly changed, then these will have to be updated; otherwise the architecture must have been widened to embrace both the current and a SAML V2.0-ish version.

Considering that the previous interface specifications are defined on earlier versions of SAML, that SAML V2.0 has been an approved OASIS Standard since March 2005, and that basic interoperability was proven at the RSA Conference the same year, it's about time. A lot of time and energy has obviously been put into the work leading to the new SAML V2.0 interface specifications:

The process to revise the architecture was rigorous. The E-Authentication PMO conducted an interoperability event in the Interoperability Lab to determine the capability of various vendors to comply with the SAML 2.0 specification. The E-Authentication PMO also talked with agencies to identify which features were necessary, as well as other features that would be most valuable to them. Working on behalf of the agencies, the E-Authentication PMO discussed the Government’s prioritized requirements with the vendors so they could include those features in their products, resulting in better product capabilities available to agencies. The vendors then participated in another interoperability event to demonstrate their products’ capabilities, their ability to meet the Government’s requirements, and their ability to interoperate with other vendors’ products.

Eager to get some deeper insight into the revised architecture, I navigated and searched the E-Authentication website for the new SAML V2.0 interface specifications without any luck, only to come back the next day and find them under The E-Authentication Technical Architecture. The next phase, preparing for actual implementation, has begun:

A tiger team within the Technical Working Group is now addressing the issues associated with migrating agencies and CSPs to the new architecture.