27 April, 2006
The Danish Government this week agreed to stick with its endorsement of SAML 2.0 (Security Assertion Markup Language) as the “recommended standard for federation,” and urged Microsoft to support “customer choice by implementing support for SAML 2.0 in their operating system…” Using privately-controlled specifications could “stifle innovation…” the report adds. SAML is an XML standard for exchanging authentication and authorization data between security domains.
The Danish IT Architecture Committee has decided to stand firm on SAML 2.0 as the recommended standard for federation. The OASIS ratified SAML 2.0 standard has, since April 2005, been the officially recommended standard for the federation in the Danish public sector.
Microsoft’s recent decision to ship a federation service, as part of its Windows 2003 server operating system without supporting the SAML 2.0 standard challenges this recommendation because the WS-Federation specification implemented by Microsoft cannot interoperate with SAML 2.0.
Denmark thinks Microsoft should support customer choice by implementing support for SAML 2.0 in their operating system on equal footing with the WS-Federation specification.
Basing e-government on privately controlled specifications that may stifle innovation is not desirable from the Danish point of view. As a consequence the Danish IT Architecture committee has decided to stand firm on the SAML 2.0 recommendation. At the same time the committee has decided to try and work towards convergence in the area of federation standards through dialogue with EU, other governments, suppliers and standardizations bodies. For further information, see: europa.eu.int/idabc/en/document/5538/194.