SAML

From NovaOrdis Knowledge Base

External

Internal

Relevance

SAML 2.0

Overview

SAML stands for Security Assertion Markup Language. It is an XML-based open-standard data format and a set of conventions for exchanging authentication and authorization information between heterogeneous parties, designated by the standard as Identity Provider (IdP) and Service Provider (SP). The parties exchange security assertions in a vendor-independent manner. The information being exchanged is whether users are authenticated, what rights, roles and access those users have, and how they can use data and resources based on those rights and roles. However, SAML does not specify the underlying user authentication mechanism.

SAML is an OASIS-approved standard. The SAML 2.0 specification was released in March 2005. SAML was designed to be flexible and extensible, and as such is used by other standards. It is platform-neutral and vendor-neutral. The OASIS WS-Security standards have adopted SAML as the basis of their identity management.

The most important use case for SAML is web browser single sign-on (SSO) between independent but cooperating parties. Other use cases are attribute-based authorization, identity federation and WS-Security. SAML use cases are defined by the standard documents as profiles. A profile combines assertions, protocols and bindings to support a specific use case.

Subjects