Security Assertion Markup Language

Security Assertion Markup Language (SAML, pronounced "sam-el") is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee. SAML dates from 2001; the most recent update of SAML is from 2005.

The single most important problem that SAML addresses is the web browser single sign-on (SSO) problem. Single sign-on solutions are abundant at the intranet level (using cookies, for example) but extending these solutions beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another, more recent approach to addressing the browser SSO problem is the OpenID protocol.)

The SAML specification defines three roles: the principal (typically a user), the identity provider (aka IdP), and the service provider (aka SP). In the use case addressed by SAML, the principal requests a service from the service provider. The service provider requests and obtains an identity assertion from the identity provider. On the basis of this assertion, the service provider can make an access control decision - in other words it can decide whether to perform some service for the connected principal.

Before delivering the identity assertion to the SP, the IdP may request some information from the principal - such as a user name and password - in order to authenticate the principal. SAML specifies the assertions between the three parties: in particular, the messages that assert identity that are passed from the IdP to the SP. In SAML, one identity provider may provide SAML assertions to many service providers. Conversely, one SP may rely on and trust assertions from many independent IdPs.

SAML does not specify the implementation of the identity provider service; it may use a username/password, it may use multifactor authentication, it may have an opaque implementation. A company's directory service, which allows users to login with a user name and password, is a typical example of an identity provider. Any of the popular common internet social services also provide identity services that in theory could be used to support SAML exchanges.


Read more about Security Assertion Markup Language:  History of SAML, Versions of SAML, SAML Building Blocks, The Anatomy of SAML, The SAML Use Case, The Use of SOAP, SAML Security, Profiles of SAML

Famous quotes containing the words security, assertion and/or language:

    Thanks to recent trends in the theory of knowledge, history is now better aware of its own worth and unassailability than it formerly was. It is precisely in its inexact character, in the fact that it can never be normative and does not have to be, that its security lies.
    Johan Huizinga (1872–1945)

    What stunned me was the regular assertion that feminists were “anti-family.” . . . It was motherhood that got me into the movement in the first place. I became an activist after recognizing how excruciatingly personal the political was to me and my sons. It was the women’s movement that put self-esteem back into “just a housewife,” rescuing our intelligence from the junk pile of “instinct” and making it human, deliberate, powerful.
    Mary Kay Blakely (20th century)

    the communication
    Of the dead is tongued with fire beyond the language of the living.
    —T.S. (Thomas Stearns)