3. Introduction
This Framework introduces security assertion messaging, in particular the Security Assertion Markup Language (SAML) v2.0, and explains the rationale for its use by New Zealand government agencies. This document is aimed at a CIO-level audience and assumes that readers have at least a superficial knowledge of Internet-based messaging.
Communicating standardised messages (assertions) confirming the identity of parties is essential for the delivery of authenticated online services. For example, where the provider of an authentication key is separate from the provider of an online service (as per the Government Logon Service), standardised secure messages between both providers are essential to initiate and complete the identity confirmation process.
SAML v2.0, like many international interoperability standards, has a high degree of flexibility to ensure a wide appeal and uptake. However, this also creates implementation issues. The optional elements and constraints in SAML v2.0 must be agreed by agencies before they can use it to interoperate. A more detailed treatment of SAML v2.0, the New Zealand Security Assertion Messaging Standard (NZ SAMS), is under development. This Standard prescribes and constrains SAML v2.0 to an agreed deployment profile for New Zealand government agencies.
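As an added illustration, not part of this Framework or of NZ SAMS, the following Python code shows what "constraining SAML v2.0 to an agreed deployment profile" means for the party that consumes an assertion: the relying party rejects anything the profile does not permit, rather than accepting whatever the flexible base standard allows. The profile values (trusted issuer, audience, assertion consumer URL, clock skew), the sample assertion and the element and attribute constraints are assumptions constructed for this example; they are not NZ SAMS values. The code also assumes the assertion's XML signature has already been verified against the identity provider's agreed certificate, which must happen before any of these checks.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Hypothetical deployment-profile values for one relying party. These are
# constructed for this example and are not NZ SAMS values.
PROFILE = {
    "trusted_issuer": "https://idp.example.govt.nz/saml",
    "audience": "https://sp.example.govt.nz/saml",
    "acs_url": "https://sp.example.govt.nz/saml/acs",
    "clock_skew": timedelta(minutes=3),
}

# Constructed sample assertion (signature element omitted; see the docstring
# of validate_assertion for the assumption that it was verified already).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
  <saml:Issuer>https://idp.example.govt.nz/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">ab12cd34</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.govt.nz/saml/acs"
          InResponseTo="_req42" NotOnOrAfter="2024-05-01T10:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.govt.nz/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-01T10:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def _q(tag):
    """Namespace-qualify a SAML assertion element name for ElementTree."""
    return "{%s}%s" % (SAML_NS, tag)


def _ts(value):
    """Parse a SAML xs:dateTime (UTC, 'Z' suffix) or pass a datetime through."""
    if isinstance(value, datetime):
        return value if value.tzinfo else value.replace(tzinfo=timezone.utc)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text, now, expected_in_response_to=None, profile=PROFILE):
    """Check a SAML 2.0 assertion against the agreed profile constraints.

    Assumes the XML signature was already verified against the IdP's agreed
    certificate; unsigned or unverified assertions are rejected before this.
    Returns (ok, reasons). Caveat: for untrusted input in production, parse
    with defusedxml's drop-in ElementTree rather than the stdlib parser.
    """
    now = _ts(now)
    skew = profile["clock_skew"]
    reasons = []

    root = ET.fromstring(xml_text)
    if root.tag != _q("Assertion"):
        return False, ["root element is not saml:Assertion"]
    if root.get("Version") != "2.0":
        reasons.append("Version must be 2.0")
    if root.findtext(_q("Issuer")) != profile["trusted_issuer"]:
        reasons.append("Issuer is not the agreed identity provider")

    # Profile makes the optional Conditions element and its validity window mandatory.
    cond = root.find(_q("Conditions"))
    if cond is None:
        reasons.append("profile requires a Conditions element")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb is None or noa is None:
            reasons.append("profile requires NotBefore and NotOnOrAfter on Conditions")
        else:
            if now + skew < _ts(nb):
                reasons.append("assertion not yet valid (NotBefore)")
            if now - skew >= _ts(noa):
                reasons.append("assertion expired (Conditions NotOnOrAfter)")
        audiences = [a.text for a in cond.iter(_q("Audience"))]
        if profile["audience"] not in audiences:
            reasons.append("AudienceRestriction does not name this service provider")

    # Profile requires bearer confirmation bound to this SP's endpoint and request.
    sc = root.find("%s/%s" % (_q("Subject"), _q("SubjectConfirmation")))
    scd = sc.find(_q("SubjectConfirmationData")) if sc is not None else None
    if sc is None or sc.get("Method") != BEARER or scd is None:
        reasons.append("profile requires a bearer SubjectConfirmation with SubjectConfirmationData")
    else:
        if scd.get("Recipient") != profile["acs_url"]:
            reasons.append("Recipient does not match this service provider's ACS URL")
        sc_noa = scd.get("NotOnOrAfter")
        if sc_noa is None or now - skew >= _ts(sc_noa):
            reasons.append("bearer confirmation missing or expired (SubjectConfirmationData NotOnOrAfter)")
        if expected_in_response_to is not None and scd.get("InResponseTo") != expected_in_response_to:
            reasons.append("InResponseTo does not match the outstanding AuthnRequest")

    if root.find(_q("AuthnStatement")) is None:
        reasons.append("authentication assertion must carry an AuthnStatement")

    return (not reasons), reasons


if __name__ == "__main__":
    print(validate_assertion(SAMPLE_ASSERTION, "2024-05-01T10:01:00Z", "_req42"))
    print(validate_assertion(SAMPLE_ASSERTION, "2024-05-01T10:30:00Z", "_req42"))
```

Every check above corresponds to something the base standard leaves optional or open (whether Conditions is present, who the audience is, which confirmation method is used, whether a response must be tied to an earlier request). Two agencies that have not agreed these points can both be conformant to SAML v2.0 and still fail to interoperate, or worse, interoperate insecurely; the profile is what turns the optional elements into enforced requirements on both sides.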
NZ SAMS is one of the suite of NZ e-GIF authentication standards providing detailed guidance for agencies to follow when designing their authentication systems. The Secure Messaging working group, comprising representatives from New Zealand government agencies and subject matter experts, is drafting NZ SAMS. The first release focuses on authentication. Subsequent releases will focus on identity attributes and authorisation. This Framework has been developed as a supplementary information resource for NZ SAMS.
SAML v2.0 and NZ SAMS will affect CIOs most noticeably through their influence on agency strategy and enterprise architecture. As more agencies deliver online services, particularly through the all-of-government authentication services, these standards are expected to have a growing impact on those agencies. It is, therefore, essential that CIOs understand and support the rationale for using SAML v2.0 and NZ SAMS.
To help understand the emergence of security assertion messaging and SAML v2.0, the following technical material is appended:
- Overview of Internet-based messaging. This is a summary of various Internet-based messaging systems, including their significant characteristics and their suitability for security assertion messaging. See Appendix A.
- Summary table of standards bodies and further information. This is a summary of the organisations that have attempted to define security assertion messaging standards and links to further information about them. See Appendix B.
For further reading, see:
- OASIS SAML v2.0 Executive Overview
http://www.oasis-open.org/committees/download.php/11785/sstc-saml-exec-overview-2.0-draft-06.pdf
- OASIS SAML v2.0 Technical Overview
http://www.oasis-open.org/committees/download.php/11511/sstc-saml-tech-overview-2.0-draft-03.pdf
- OASIS SAML v2.0 Specification Set
http://www.oasis-open.org/committees/download.php/11902/saml-2.0-os.zip
- New Zealand Security Assertion Messaging Standard
http://www.e.govt.nz/standards/e-gif/authentication/nzsams.html
- New Zealand E-government Interoperability Framework (NZ e-GIF) v3.0
http://www.e.govt.nz/standards/e-gif/e-gif-v-3

