International Telecommunication Union   ITU
 
 
Site Map Contact us Print Version
 Thursday, May 11, 2006

The Security Assertion Markup Language (SAML) and Extensible Access Control Markup Language (XACML) authored by OASIS (Organization for the Advancement of Structured Information Standards) have been consented as internationally recognised ITU-T Recommendations. The announcement is the first result of the formal relationship between the standardization sector of ITU and OASIS.

The standards (ITU-T Recommendations X.1141 (SAML) and X.1142 (XACML)) address the concern of how to allow safe single sign-on, a system that enables a user to authenticate once and gain access to the resources of multiple software systems. While solutions existed in this space, all were proprietary, and therefore not addressing the problem on a global level.

SAML and XACML are designed to control access to devices and applications on a network. The need for standards in this area has become more of an issue as business networks increasingly use the public Internet.

SAML addresses authentication and provides a mechanism for transferring authentication and authorization decisions between cooperating entities, XACML leverages this information to determine access to resources by focusing on the mechanism for arriving at those authorization decisions.

An additional feature of SAML is that it allows organizations to communicate information without any change to their own internal security architectures.