
1. Introduction


Communication of standardised messages that confirm the identity of parties (assertions) is essential for the delivery of authenticated online services supplied by independent agencies acting in concert. For example, where the provider of an authentication key is separate from the provider of an online service, standardised messages between providers are essential to initiate and complete the confirmation of identity process. This New Zealand Security Assertion Messaging Standard (NZ SAMS) prescribes the design and transport of these messages in New Zealand government online services.

The Standard is a New Zealand government agency deployment profile of the OASIS Security Assertion Markup Language (SAML) v2.0 Standard. OASIS SAML v2.0 is an XML-based specification set developed under the auspices of the Organization for the Advancement of Structured Information Standards (OASIS). SAML v2.0 defines messages for communicating a range of security-related statements about individual parties, including their authentication.

A range of OASIS SAML v2.0 profiles for authentication-related assertions that are required by agencies are included in this Standard. These profiles have been selected to support the New Zealand government generic 'usage pattern' for security assertion messaging, and will enable agencies to address the following technical issues:

  • non-interoperability of identity management applications
  • confidentiality and integrity of machine/application-based messages
  • limitations of browser-based cookies.

The Security Assertion Messaging Framework, a general introduction to security assertion messaging, is a companion document that complements the suite of authentication standards. It has been written for readers without an extensive technical understanding of the security assertion messaging landscape.

Readers should appreciate that specifications evolve continually, and with them the prescriptions of the OASIS SAML v2.0 Specifications contained in this Standard. The NZ SAMS prescription of OASIS SAML v2.0 is based on analysis of the OASIS SAML v2.0 Specifications mapped to government agency use cases, the Government Logon Service (GLS) and the proposed all-of-government Identity Verification Service (IVS) requirements current at the time of writing. These foundation reference points may change over time (see 4.6 for definitions of GLS and IVS). Exchanging parties implementing this Standard should refer to the latest applicable documentation available and agree on any adjustment to their implementation as and when necessary.

