Security Assertion Markup Language

Security Assertion Markup Language (SAML, pronounced "sam-el") is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee. SAML dates from 2001; the most recent update of SAML is from 2005.

The single most important problem that SAML addresses is the web browser single sign-on (SSO) problem. Single sign-on solutions are abundant at the intranet level (using cookies, for example) but extending these solutions beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another, more recent approach to addressing the browser SSO problem is the OpenID protocol.)

The SAML specification defines three roles: the principal (typically a user), the identity provider (IdP), and the service provider (SP). In the use case addressed by SAML, the principal requests a service from the service provider. The service provider requests and obtains an identity assertion from the identity provider. On the basis of this assertion, the service provider can make an access control decision; in other words, it can decide whether to perform some service for the connected principal.

Before delivering the identity assertion to the SP, the IdP may request some information from the principal, such as a user name and password, in order to authenticate the principal. SAML specifies the assertions exchanged between the three parties, in particular the identity assertions passed from the IdP to the SP. In SAML, one identity provider may provide SAML assertions to many service providers. Conversely, one SP may rely on and trust assertions from many independent IdPs.

SAML does not specify the implementation of the identity provider service; it may use a username/password, it may use multifactor authentication, or it may have an opaque implementation. A company's directory service, which allows users to log in with a user name and password, is a typical example of an identity provider. Popular internet social services also provide identity services that could in theory be used to support SAML exchanges.
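The IdP-to-SP flow above, as an added example that is not part of the original article: the IdP side emits a minimal SAML 2.0 assertion (Issuer, Subject/NameID, Conditions with a validity window and an AudienceRestriction), and the SP side makes the access control decision by checking that the issuer is one it trusts, that the assertion is addressed to it, and that it is still valid. The entity IDs, subject name and timestamps are constructed, and XML Signature verification, which a real SP must do, is left out so the check only covers the assertion's content.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

def q(name): return "{%s}%s" % (SAML_NS, name)  # Clark-notation element name

def build_assertion(issuer, subject, audience, now, lifetime_s=300):
    """IdP side: a minimal assertion for `subject`, addressed to `audience` (the
    SP's entity ID) and valid for `lifetime_s` seconds. Unsigned on purpose."""
    root = ET.Element(q("Assertion"), {"Version": "2.0", "ID": "_c1", "IssueInstant": now.strftime(TIME_FMT)})
    ET.SubElement(root, q("Issuer")).text = issuer
    ET.SubElement(ET.SubElement(root, q("Subject")), q("NameID")).text = subject
    cond = ET.SubElement(root, q("Conditions"), {
        "NotBefore": now.strftime(TIME_FMT),
        "NotOnOrAfter": (now + timedelta(seconds=lifetime_s)).strftime(TIME_FMT)})
    ET.SubElement(ET.SubElement(cond, q("AudienceRestriction")), q("Audience")).text = audience
    return ET.tostring(root)

def evaluate_assertion(xml_bytes, trusted_issuers, my_entity_id, now):
    """SP side: the access control decision. Returns the NameID only if the assertion
    is from a trusted IdP, names this SP as audience and is inside its validity window;
    else None. XML Signature checking is omitted (real code must verify it; use defusedxml)."""
    root = ET.fromstring(xml_bytes)
    if root.tag != q("Assertion") or root.get("Version") != "2.0":
        return None
    if root.findtext("saml:Issuer", namespaces=NS) not in trusted_issuers:
        return None
    cond = root.find("saml:Conditions", namespaces=NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        return None
    parse = lambda s: datetime.strptime(s, TIME_FMT).replace(tzinfo=timezone.utc)
    if not (parse(cond.get("NotBefore")) <= now < parse(cond.get("NotOnOrAfter"))):
        return None  # NotBefore is inclusive, NotOnOrAfter is exclusive
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if my_entity_id not in audiences:
        return None
    return root.findtext("saml:Subject/saml:NameID", namespaces=NS)

def demo():  # constructed run: one accepted assertion, three rejected ones
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    idp, sp = "https://idp.example.org", "https://sp.example.com"
    later = t0 + timedelta(seconds=60)
    a = build_assertion(idp, "alice", sp, t0)
    return (evaluate_assertion(a, {idp}, sp, later),                          # accepted
            evaluate_assertion(a, {idp}, "https://other.example.com", later),  # wrong audience
            evaluate_assertion(a, {idp}, sp, t0 + timedelta(seconds=600)),     # expired
            evaluate_assertion(a, {"https://idp.example.net"}, sp, later))     # untrusted IdP
```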
