SAML (Security Assertions Markup Language)
SAML (Security Assertions Markup Language) is an industry standard ratified by OASIS (Organization for Advancement Structured Information Sciences). This XML-based framework provides a standard way to define user authentication, entitlements and attribute information in XML documents.
As its name suggests, SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject to other entities, which may be a partner company, another enterprise application etc. These assertions are passed as XML documents, either pushed from the Asserting Party to the Relying Party or pulled from the Asserting Party to the Relying Party.
Why is it needed?
For both B2B and B2C, a single ‘transaction’ can often now be distributed across multiple companies, multiple Web sites, and multiple marketplaces, all of which may have their own authentication and authorization schemes. Companies need a standard, open framework that will enable them to build trust chains across company boundaries, heterogeneous platforms, and multiple vendor solutions.
The Liberty Alliance based its Phase 1 specifications for federated Internet identity in large part on SAML.
The SAML 1.0 specification was ratified as an OASIS Open Standard by the OASIS Security Services Technical Committee in November 2002.
Entrust is an active member of the OASIS Security Services Technical Committee working on SAML. Additionally, Entrust was a specification editor for the Liberty Alliance’s Phase 1 specifications. The latest release of Entrust GetAccess™ uses SAML to define user authentication, entitlements and attribute information in XML.