"Boston, MA, USA; 6 November 2002 -- The OASIS interoperability consortium today announced that its members have approved the Security Assertion Markup Language (SAML) v1.0 as an OASIS Open Standard, a status that signifies the highest level of ratification. SAML is an XML-based framework for Web services that allows the exchange of authentication and authorization information among business partners. SAML enables Web-based security interoperability functions, such as single sign-on, across sites hosted by multiple companies..."
Analysis:
The standard is highly relevant from a legal standpoint, since its security assertions seem to have a high liability impact.
The SAML standard will raise a set of important legal issues. The following are but a subset:
1) What does it mean to assert security across services, legally?
2) What liabilities are assumed?
3) How can these liabilities be a) expressed in the standard or b) managed in support contract structures?
4) What new issues will arise due to the fact that single sign-on seems to allow massive collection of personal data across different collecting parties?
5) Will the sum of personal data be assessed from a privacy perspective or only the subsets accessible to each party?
These, and many other questions, must now be sufficiently addressed in the continuing work of the SAML group.
Posted by nicklas at November 8, 2002 10:21 AM