Oasis Gives SAML 1.0 a Thumbs-Up

Anonymous Custard writes "Oasis has approved the SAML 1.0 specification. From Infoworld: 'Members of the Oasis interoperability consortium approved the Security Assertion Markup Language (SAML) on Wednesday as an OASIS open standard. The move paves the way for the XML-based framework to enable secure SSO (single sign-on) and other security functions for Web services transactions spanning multiple hosted sites.' I feel more secure already!"

Passport competition?

[Alethes]

Is this an open standard that will compete with Passport, or is it something that Passport will have interoperablity with? Are they even related?

Just a thought

[cranos]

and keep in mind I am not all that up to speed with web services but are any of these XML files that are going to be used for authentication going to be encrypted?

I can see a giant hole here in terms of a dedicated cracker intercepting un-encrypted XML files, parsing the information and then using that info for their own nefarious (yes its a big word) schemes.

Again when it comes to Web Services I am not the most up to date, its just a thought

Re:Just a thought

[Erik+Hollensbe]

Well, I'm sure the spec calls for encryption (as it would never get accepted otherwise)....

Then again, run a sniffer on your corporate/college network, and take a look at all those fools who use IMAP and POP without ssl to get their email. It's no better.

(Hint: if you're forced to use one of these systems (like I am), make sure you're not using a password you care about -- and don't even bother to make it cryptic)

Re:XML framework

[kiltedtaco]

Ok, so because there's a structure to the data transmitted between two computers, it's more secure?

What?