RSA Security Embraces SAML Standard Across Product Lines

RSA Security demonstrates SAML functionality with RSA ClearTrust® software at the Burton Group Catalyst Conference in San Francisco on July 15

BEDFORD, Mass., July 9, 2002 — RSA Security (NASDAQ: RSAS), the most trusted name in e-security®, today announced its broad scale intention to support the proposed OASIS Security Assertion Markup Language (SAML) specification across its product lines. The SAML 1.0 specification, which is an XML framework for exchanging authentication, attribute and authorization information, is designed to enable secure single sign-on to applications within organizations, as well as across companies. RSA Security plans to incorporate SAML functionality with RSA ClearTrust® Web access management software by the end of the year, and intends to follow with support across other solutions, reflecting RSA Security’s corporate commitment to deliver highly interoperable products.

“SAML has strong marketplace momentum, as evidenced by the broad range of security vendors who have committed to implementing the standard,” said James Kobielus, senior analyst at Burton Group. “RSA Security has played an important role in industry forums that developed the standard, and the company is in the forefront of vendors who are implementing SAML in their security products. RSA Security’s participation in the SAML industry interoperability event at Catalyst 2002 North America demonstrates that SAML-based security interoperability can play an important role in heterogeneous Web services security environments.”

The RSA ClearTrust Web access management solution is designed to be an easy-to-deploy, rules-based solution that centrally controls and manages user access privileges to Web resources based on definable user attributes, business rules and security policies of an organization. RSA Security is incorporating SAML into RSA ClearTrust software to enable a standards-based approach to implementing Web single sign-on and allowing authentication and identity information to be shared among multiple organizations and servers. The use of the SAML standard is a key step in fostering interoperability, facilitating industry growth and limiting proprietary implementations. To support standardization efforts, RSA Security is granting non-exclusive royalty-free licensing for two patents to companies building and using SAML implementations. (See press release dated April 29, 2002 and RSA Security’s Web site for more details.)

RSA Security is showcasing its SAML-compliant solution at SAML Interoperability 2002, a SAML 1.0 interoperability showcase at the Burton Group Catalyst Conference in San Francisco on July 15. The showcase will demonstrate an e-marketplace that allows users to sign-on to one site with the transparent transfer of security credentials and information across affiliated sites. The solution demonstrated allows online business partners to easily and securely share authentication and authorization information across corporate boundaries, which is intended to strengthen business relationships and maintain a faster, seamless and hassle-free end-user experience.

“SAML is becoming an important standard for authenticating and exchanging user identities across Web applications and services, providing users the benefits of single sign-on,” said John Worrall, vice president of worldwide marketing at RSA Security. “It is one of many standards movements, including the Liberty Alliance, in which RSA Security has played an active founding role to assure that we develop the right foundations for strong Web access management, identity management and Web services solutions. We strongly embrace industry standards as a means of delivering better value and investment security to our customer base.”

About RSA Security Inc.
RSA Security Inc., the most trusted name in e-security, helps organizations build trusted e-business processes through its RSA SecurID® two-factor authentication, RSA ClearTrust® Web access management, RSA BSAFE encryption and RSA Keon® digital certificate management product families. With approximately one billion RSA BSAFE-enabled applications in use worldwide, more than 12 million RSA SecurID authentication users and almost 20 years of industry experience, RSA Security has the proven leadership and innovative technology to address the changing security needs of e-business and bring trust to the online economy. RSA Security can be reached at

RSA, BSAFE, ClearTrust, Keon, SecurID and The Most Trusted Name in e-Security are registered trademarks of RSA Security Inc. All other products and services mentioned are trademarks of their respective companies.

This press release contains forward-looking statements relating to RSA Security’s plans to implement the SAML specifications across its product lines, as well as the successful adoption of the SAML standard generally. These statements involve a number of risks and uncertainties. Some of the important factors that could cause actual results to differ materially from those indicated by the forward-looking statements are general economic conditions, including the current weakness in the global economy, delays in product development, technical difficulties, software bugs and errors, competitive pressures, changes in customer requirements, market acceptance of new technologies, failure to develop or maintain strategic partner relationships, technological changes in the computer industry and the risk factors detailed from time to time in RSA Security’s periodic reports and registration statements filed with the Securities and Exchange Commission, including without limitation RSA Security’s Annual Report on Form 10?K filed on April 1, 2002 and Quarterly Report on Form 10-Q filed on May 8, 2002.

Don't miss