Example Interoperability Framework
An entire IF can take several dozen pages. Table 17-1 shows four entries from an interoperability framework. The example shows parts of two subareas: Encryption Standards and Federation Standards. These would be a larger table of external standards that the organization supports.
Table 17-1. Portion of an interoperability framework
|
2.3 Encryption Standards | ||||
|
Description |
Reference |
Status |
Review |
Notes |
|
XMLsig |
Approved |
Annually |
XML Signature Syntax and Processing (XMLsig) is defined by W3C. W3C Recommendation 12.02.2002. | |
|
XMLenc |
Approved |
Annually |
XML-Encryption Syntax and Processing. W3C Recommendation 10.12.2002. XML Encryption is used to secure encrypted transport of content. Used when security on the transport-level (such as SSL) is not sufficient. | |
|
2.4 Federation Standards | ||||
|
SAML (Security Assertions Markup Language) Version 1.1 |
http://www.oasis-open.org/committees/download.php/6837/sstc-saml-tech-overview-1.1-cd.pdf |
Approved |
Annually |
OASIS/SSTC Version 1.1 - 22.09.2003. SAML enables single sign-on and enables federated identification mechanisms. |
|
SAML (Security Assertions Markup Language) Version 2.0 |
http://www.oasis-open.org/committees/download.php/7874/sstc-saml-tech-overview-2.0-draft-01.pdf |
Emerging |
Quarterly |
SAML 2.0 is currently a draft specification. Use in production project is subject to approval and supporting product availability. ... |