OASIS Launches SAML XML.org Online Community

The OASIS international standards consortium today introduced a new XML.org online community web site dedicated to supporting the Security Assertion Markup Language (SAML). The site (http://saml.xml.org) will serve as the official information resource for the SAML OASIS Standard, which provides an XML-based framework for online partners to exchange user authentication, entitlement, and attribute information.

“SAML is recognized as the gold standard for federated identity,” said Eve Maler, director of technology in Business Alliances at Sun Microsystems. “OASIS has created SAML XML.org as a way to enable users, developers, vendors, and other standards efforts from around the world to share information and learn from one another. Sun has taken an active role in SAML’s spec development, product support, interoperability, and education since its earliest days, and we’re delighted to see the launch of this new resource.”

All pages on SAML XML.org are accessible by the public, and users are encouraged to contribute content. The site features a wiki knowledgebase of information on using and understanding SAML. It also includes sections where readers can post related news, event information, listings for products and services, links to white papers, case studies, and other resources. Forums that support interactive discussions and blogs are also featured.

“Ping Identity is a strong advocate of standards that allow more and more companies today to benefit from secure internet single sign-on,” said Ping Identity CTO, Patrick Harding. “We are pleased to help the SAML XML.org effort provide an easy-to-navigate nexus point where people can quickly find the information they need.”

SAML is a flexible and extensible standard designed to be used by other standards. The Liberty Alliance, the Internet2 Shibboleth project, and the WS-Security OASIS Standard have all adopted SAML as a technological underpinning for various purposes.

SAML XML.org is the newest addition to the XML.org family of web sites devoted to supporting communities around open standards; other sites are devoted to BPEL, DITA, ebXML, IDtrust, OpenDocument, and UDDI.

About OASIS:

OASIS (Organization for the Advancement of Structured Information Standards), drives the development, convergence, and adoption of open standards for the global information society. A not-for-profit consortium, OASIS advances standards for SOA, security, Web services, documents, e-commerce, government and law, localisation, supply chains, XML processing, and other areas of need identified by its members. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. http://www.oasis-open.org

SEC Proposes Requiring Interactive Data Reporting [XBRL]

<ed.note>I told ya it was comin’…</ed.note>

We are proposing rules requiring companies to provide financial statement information in a form that would improve its usefulness to investors. Under the proposed rules, financial statement information could be downloaded directly into spreadsheets, analyzed in a variety of ways using commercial off-the-shelf software, and used within investment models in other software formats. The rules would apply to domestic and foreign public companies that prepare their financial statements in accordance with generally accepted accounting principles as used in the United States (U.S. GAAP), and foreign private issuers that prepare their financial statements using International Financial Reporting Standards (IFRS) as promulgated by the International Accounting Standards Board (IASB). Companies would provide their financial statements to the Commission and on their corporate Web sites in interactive data format using the eXtensible Business Reporting Language (XBRL). The interactive data would be provided as an exhibit to periodic reports and registration statements, as well as to transition reports for a change in fiscal year. The proposed rules are intended not only to make financial information easier for investors to analyze, but also to assist in automating regulatory filings and business information processing. Interactive data has the potential to increase the speed, accuracy, and usability of financial disclosure, and eventually reduce costs.

S.E.C. Moves Toward Requiring Interactive Data Filings

May 14, 2008, By Grant Gross, IDG News Service\Washington Bureau, IDG, NYTimes.com

The U.S. Securities and Exchange Commission has taken a major step toward requiring publicly traded companies to submit their reports to the agency in an interactive data format, with backers saying the change will make financial reports easier to analyze.

All three SEC members voted to publish a proposal that would require public companies to file reports in eXtensible Business Reporting Language, or XBRL, a programming language related to XML that’s being developed by a nonprofit consortium of about 450 companies. Under the proposal, which still needs final approval from the SEC after a public comment period, the transition from text and HTML reports to XBRL would take three years, with about 500 of the largest U.S. and foreign companies required to start filing XBRL reports after Dec. 15.

OASIS Members Demonstrate Interoperability of XACML Access Control Standard in HITSP Health Care Scenario

San Francisco, CA, USA; 7 April 2008 — At the RSA Conference today, members of the OASIS open standards consortium, in cooperation with the Health Information Technologies Standards Panel (HITSP), demonstrated interoperability of the eXtensible Access Control Markup Language (XACML) version 2.0. Simulating a real world scenario provided by the U.S. Department of Veterans Affairs, the demo showed how XACML ensures successful authorization decision requests and the exchange of authorization policies.

"XACML is widely regarded as the standard for solving complex access control problems in the enterprise," noted James Bryce Clark, director of standards development at OASIS. "Today’s demo shows that XACML can play a key role in health care. By successfully enforcing fine-grained access control decisions to protected health information, XACML meets HITSP’s requirements for security and privacy."

"We’re pleased to work with OASIS on addressing the very sensitive issues related to the access of patient information," said John (Mike) Davis, standards architect with the VHA Office of Information in the Department of Veterans Affairs, and a member of the HITSP Security, Privacy and Infrastructure Technical Committee. "XACML helps ensure that patients, physicians, hospitals, public health agencies and other authorized users share critical information appropriately and securely."

Partners Converge

Dec 1, 2007 By Michael Fickes, securitysolutions.com

After years of talk, physical security systems are finally converging with IT networks to automate new tasks.

“We are all talking XML today,” says Mark Allen, director of enterprise convergence solutions with Hirsch Electronics Corp. in Santa Ana, Calif. “Today we can put a Web server on a UNIX system and talk to it from a Windows system. We can even put a Web server on a mainframe and enable other systems to talk to it using XML.”

Think of XML as a common or standard language that all systems understand — from Linux to UNIX to Windows to Mac OSX.

The standard XML language combined with a Web server has made it easy to share data between systems and to automate activities based on the meaning of the shared data.

Gleaning Resource Descriptions from Dialects of Languages, Open Virtual Machine Format Specifications write ups at Cover Pages

The World Wide Web Consortium has announced the publication of Gleaning Resource Descriptions from Dialects of Languages (GRDDL) as a W3C Recommendation, together with a separate GRDDL Test Cases Recommendation. The GRDDL specification represents "an important link between Semantic Web and microformats communities. With GRDDL (pronounced ‘griddle’), software can automatically extract information from structured Web pages to make it part of the Semantic Web. Those accustomed to expressing structured data with microformats in XHTML can thus increase the value of their existing data by porting it to the Semantic Web, at very low cost." More here.

Dell, HP, IBM, Microsoft, VMware, and XenSource have submitted the Open Virtual Machine Format Specification (OVF) to the Distributed Management Task Force (DMTF) for further development into an industry standard. The OVF specification describes an open, secure, portable, efficient and extensible format for the packaging and distribution of (collections of) virtual machines. Its goal is to facilitate the automated, secure management not only of virtual machines, but the appliance as a functional unit. More here.