SAML Interoperability and Deployment Profiles

eGov20 STORK difference Ocober 2011.xls

This is the home of the Kantara SAML 2.0 eGov Interoperability Profile. (It was moved from the eGov-WG to the FI-WG).

SAML 2.0 eGov Interoperability Profile

This profile reflects the current best practice for SAML profiles with regard to scaleability in federations and product support. It is used as a base for deployment profiles in large federations.

While there is nothing specific in the profile pertaining to governments, its initial sponsors were government agencies.

The current version is attached to this page.

SAML 2.0 eGov Deployment Profiles

Following deployment profiles are known to be based on the SAML 2.0 eGov Interoperability Profile:

• Austria: PVP-SAML2
• Canada: CA - CATS IAS V2.0 Deployment Profile
• Denmark: OIO SAML WebSSO
• Finland: Finnish SAML2 Deployment Profile, Finnish SAML2 Attribute Profile
• New Zealand: NZ SAMS  RealMe overview
• U.S.A.: ICAM SAML WebSSO profile and the functional test criteria for the SAML Profile

• Higher Education: SAML2Int profile (was actually co-developed, not derived)

Relationships between SAML standards and profiles (Overview)

The following "family tree" provides an overview the different classes of standards and profiles.

What purpose service profiles?

• An interoperability profile shall achieve conformance with the specification, is not too restrictive leaving many choices. It targets developers.
• A deployment profile leaves no or only few options. Its audience are deployers.
• SAML conformance profiles have the same intent as a interoperability profile, but are too loose in V2.0 to ensure interoperability.