The SAML 2.0 protocol celebrates its 10th anniversary on 15th March 2015. This XML (Extensible Markup Language)-based open-standard data format enables the exchange of authentication and authorisation data between identity providers and service providers, and is at the heart of eduGAIN and of research and education identity federations worldwide.
SAML (Security Assertion Markup Language) is a product of the Security Services Technical Committee of OASIS (Organization for the Advancement of Structured Information Standards). The community voted to approve the SAML 2.0 standard on 1 March 2005, and it achieved its final version two weeks later. Some 30 individuals from almost 30 companies and organisations were involved in the creation of SAML 2.0 and it has seen significant uptake across the globe.
SAML has significant benefits for the identity landscape. It allows systems and software to be developed and to evolve independently while still interoperating against a standard specification. This gives organisations greater choice in terms of their deployment approach, while guaranteeing a standard level of security and interoperability. Deployers can then mitigate risks, reduce administrative costs, and provide standardised interfaces to users.
SAML 2.0 was designed to update the work of SAML 1.1 and to better integrate with developments that were being made as part of the Liberty Alliance project (now the Kantara Initiative). SAML 2.0 represented a complete reworking and rethinking of how security assertions should be made in the modern Web environment, allowing for greater flexibility and more sophisticated deployments. Those involved at the time recognised that the changes proposed with SAML 2.0 were radical, but knew that identity would be an important part of the future Internet landscape.
The use of SAML across the more than 50 currently-existing research and education identity federations is tracked by REFEDS - the Research and Education Federations group - which celebrates its own 10th birthday in June 2015.
Although federations make differing choices in terms of their structure and technology, they are all underpinned by this one standard. This allows for greater interoperability and exchange of information, for example through the eduGAIN interfederation service.
Andreas Solberg, Senior Technical Architect at UNINETT and chief developer for the SimpleSAMLphp project, said: "The really high interest in and adoption of SAML 2.0, and also the significant contributions made to the SimpleSAMLphp project, indicate the impact and opportunities that the SAML 2.0 protocol has brought - impact and opportunities that span countries and cultures and connect people and organisations".
Despite the long history of SAML 2.0, REFEDS still sees the use of SAML 1 within some federations. This highlights the complexity and lead-time needed to implement standards in a unified manner.
Any organisation that wishes to learn more about updating from SAML 1 to SAML 2.0 should contact REFEDS, or join the REFEDS anniversary celebrations that will be held in Porto, Portugal, on Sunday 14 June.