This week marks the 10th anniversary of the adoption of SAML V2.0 as a standard for exchanging authentication and authorization data between parties. This is a significant milestone for the InCommon community and for everyone who depends on federated identity and access management.

SAML is the Security Assertion Markup Language and is the basis for the Shibboleth single sign-on and federating software. Shibboleth grew out of the Internet2 Middleware Initiative and is now under the auspices of the international Shibboleth Consortium. (In fact, a new version of Shibboleth has just been released and is the topic for a webinar archived on March 11, 2015.) The SAML standard is also what makes the InCommon Federation work, as well as many of the other Research and Education federations around the world.

The SAML specification defines three roles: the user, the identity provider (IdP), and the service provider (SP). In a typical scenario, the user requests access to a service. The service provider requests an assertion from the identity provider and, based on that assertion, makes a decision about whether to provide access to the user.

SAML dates from 2001 and the current 2.0 version was adopted as a standard in 2005. The OASIS Security Services Technical Committee met in January 2001 to begin developing an XML framework for exchanging authentication and authorization information.

The InCommon Federation was formed in 2004, the year before the SAML V2.0 standard was ratified. The standard allowed the InCommon community to flourish, enabling the exchange of access information among millions of individuals in higher education and beyond.

Two community members associated with Internet2 and InCommon played major roles in the success of SAML V2.0 – Scott Cantor of The Ohio State University, one of the key developers of Shibboleth and long-time member of the InCommon Technical Advisory Committee, and the late R.L. “Bob” Morgan of the University of Washington and long-time chair of the InCommon Technical Advisory Committee.

As you enjoy the benefits of single sign-on during your day, remember to wish SAML V2.0 a happy birthday and thank it for making identity federation possible.