Security Assertion Markup Language (SAML, pronounced "sam-el") is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee. SAML dates from 2001; the most recent update of SAML is from 2005.
The single most important problem that SAML addresses is the web browser single sign-on (SSO) problem. Single sign-on solutions are abundant at the intranet level (using cookies, for example) but extending these solutions beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another, more recent approach to addressing the browser SSO problem is the OpenID protocol.)
The SAML specification defines three roles: the principal (typically a user), the identity provider (aka IdP), and the service provider (aka SP). In the use case addressed by SAML, the principal requests a service from the service provider. The service provider requests and obtains an identity assertion from the identity provider. On the basis of this assertion, the service provider can make an access control decision - in other words it can decide whether to perform some service for the connected principal.
Before delivering the identity assertion to the SP, the IdP may request some information from the principal - such as a user name and password - in order to authenticate the principal. SAML specifies the assertions between the three parties: in particular, the messages that assert identity that are passed from the IdP to the SP. In SAML, one identity provider may provide SAML assertions to many service providers. Conversely, one SP may rely on and trust assertions from many independent IdPs.
SAML does not specify the implementation of the identity provider service; it may use a username/password, it may use multifactor authentication, it may have an opaque implementation. A company's directory service, which allows users to login with a user name and password, is a typical example of an identity provider. Any of the popular common internet social services also provide identity services that in theory could be used to support SAML exchanges.
Read more about Security Assertion Markup Language: History of SAML, Versions of SAML, SAML Building Blocks, The Anatomy of SAML, The SAML Use Case, The Use of SOAP, SAML Security, Profiles of SAML
Famous quotes containing the words security, assertion and/or language:
“It is hard for those who have never known persecution,
And who have never known a Christian,
To believe these tales of Christian persecution.
It is hard for those who live near a Bank
To doubt the security of their money.”
—T.S. (Thomas Stearns)
“I feel a kind of reverence for the first books of young authors. There is so much aspiration in them, so much audacious hope and trembling fear, so much of the heart’s history, that all errors and shortcomings are for a while lost sight of in the amiable self assertion of youth.”
—Henry Wadsworth Longfellow (1807–1882)
“Poetry is the universal language which the heart holds with nature and itself. He who has a contempt for poetry, cannot have much respect for himself, or for anything else.”
—William Hazlitt (1778–1830)