EAuthentication has annonced that
five SAML 2.0 products have successfully completed interoperability testing and are now approved for use by federal agencies in implementing E-Authentication.. The list can be seen under Approved Product Vendors [PDF]and to save you the lookup the lucky products are:
- Entrust GetAccess v7.1
- Hewlett-Packard OpenView Select Federation v6.6.2
- BM Tivoli Federated Identity Manager v6.1.1
- Ping Identity Corporation PingFederate v4.4
- Sun Microsystems Access Manager 7.0 with SAML 2.0 Plugin
That's great for those vendors and the authorities on the lookout for a product with this kind of compliance, but what's in it and how do others come to the same lucky state?
The announcement gives the prerequisites:
GSA will accept applications from SAML 2.0 product vendors for interoperability testing based on the SAML 2.0 technical architecture and interface specifications. As a pre-requisite for such testing, GSA now requires that product vendors complete the Liberty Alliance SAML 2.0 v2.0 interoperability testing requirements for the Liberty Interoperable program. This requirement pertains to all product vendors interested in being listed on the E-Authentication Solution Approved Product Vendors list.
For products already listed on the Approved Product Vendors list, vendors will need to complete the Liberty Alliance SAML 2.0 Interoperability testing for any new version of the product, before it can be added to the Approved Product Vendor list.
The only question unanswered are the exercises that the product will have to perform to be interoperability testing. For Project Interoperable the test procedures (Liberty Interoperability Testing Procedures for SAML 2.0 v2.0 [PDF]) is public available but that doesn't seem to be the case for E-Authentication, though it would be interesting to see the difference and specifics of the these test procedures.