The Liberty Alliance will announce the completion of the 2.0 spec at the RSA conference, April 14-17, 2003. A piece of the Liberty spec will be going to OASIS - which has implications for the SAML standard. Prateek Mishra, Netegrity director of technology and architecture, co-chair for the OASIS SSTC board, and and an editor of the SAML 1.0 spec, explained to WSJ the importance that SAML will continue to have for OASIS and the Liberty Alliance.

What will be the key features of the 2.0 spec? How will the 2.0 spec differ from earlier versions?
Prateek Mishra: Liberty 2.0 has a range of powerful features which allow services describing an individual's attributes (e.g., profiles, wallet, location) to participate in on-line transactions initiated by the individual. Of special interest to Netegrity is the permission-based attribute sharing functionality. With this functionality, Liberty is able to ensure that user attributes are released to only to those entities for whom the user has given explicit consent.

What is the role of SAML in the Liberty Alliance 2.0 spec?
Mishra: SAML 1.0 is a foundation specification for all of the Liberty Alliance specifications and this will continue to be the case in Liberty Alliance 2.0.

Is the part of the spec dealing with SAML the same part of the spec that will be going to OASIS?
Mishra: Liberty is going to provide the OASIS SSTC (which is the committee overseeing SAML) with the Liberty Alliance 1.1 specifications (this corresponds roughly to ID-FF in the latest Liberty messaging). SAML 2.0 will build on these specifications and will provide users with a single approach for federation, shared sessioning and single sign-on.

Do you anticipate that OASIS is likely to require changes in the spec? Or more likely that OASIS will approve it as submitted?
Mishra: We cannot answer this question at this time. The SSTC will review the Liberty Alliance 1.1 materials and make changes as requested by SSTC participants. The overall goal would be to ensure that a single family of specifications be used by Liberty and SAML for single-sign on, federation and shared sessioning. If there are any changes, there are likely to be modest extensions of the Liberty Alliance 1.1 specifications.

Do you see SAML implementation as an important factor in wider use and acceptance of the Liberty Alliance spec?
Mishra: OASIS is a standards body and by submitting the Liberty Alliance 1.1 specifications to the OASIS SSTC, Liberty Alliance is indicating its interest in the broadest possible standardization process. This can only enhance acceptance and use of the Liberty Alliance 1.1 specifications.

How has Netegrity influenced the Liberty Alliance 2.0 spec?
Mishra: Netegrity is a sponsor member of Liberty and several of Netegrity's personnel are involved in the development of the Liberty specification.

What does Netegrity hope to accomplish in future cooperation with the Liberty Alliance?
Mishra: We plan to continue to participate in the development of the Liberty Alliance 2.0 specifications as well as SAML 2.0.