Security Assertion Markup Language
The Security Assertion Markup Language (SAML) is an XML-based framework for exchanging authentication and authorization information. It provides functions to describe and transfer security-related information.
SAML has been developed since 2001 by the OASIS consortium, whose members include companies such as Sun Microsystems (acquired by Oracle), IBM, Nokia and SAP. During development, the following use cases were in view:
- Single sign-on
- After logging on to one web application, a user is automatically authenticated to use other applications.
- Distributed transactions
- Several users work together on a transaction and share the security information.
- Authorization services
- Communication with a service goes through an intermediary that checks the authorization.
These services are to be offered primarily for web services.
SAML consists of SAML assertions, the SAML protocol, SAML bindings and profiles.
Structure of SAML
SAML assertions
A SAML assertion contains statements of the form:
<saml:Assertion ...> ... </saml:Assertion>
These statements describe facts about a subject:
Assertion A was issued by issuer R at time t about subject S under conditions C.
SAML assertions are transmitted from the identity provider to the service provider. Assertions are statements that a service provider uses to decide whether to grant access. SAML uses three types of statements:
- Authentication statements
- Assurance that subject S was authenticated at time T using method M (for single sign-on)
- Attribute statements
- Assurance that subject S has attribute A with value a (for distributed transactions / authorization)
- Authorization decision statements
- Decision on whether the subject may access certain resources
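The following is an added example written for this article, not code from OASIS or from any SAML implementation. It builds a constructed SAML 2.0 assertion carrying one statement of each of the three types, parses it with the standard library, and applies the checks a service provider performs on the issuer R, the validity conditions C and the intended audience before trusting the statements about subject S. The issuer, subject, audience and attribute values are made up for illustration. Verification of the XML Signature on the assertion must happen before any of these checks and is deliberately left out here.

```python
"""Service-provider-side parsing and checking of a SAML 2.0 assertion.

Added example for this article, not code from OASIS or any SAML product.
The assertion below is constructed; issuer, subject, audience and attribute
values are invented.  Signature verification (XML-DSig) must run before any
of this and is intentionally not implemented here.
"""
import datetime as dt
import xml.etree.ElementTree as ET  # in production prefer defusedxml to block entity-expansion attacks

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample: one assertion carrying all three statement types.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_7c1e2f0b" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-01T12:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>admin</saml:AttributeValue>
      <saml:AttributeValue>auditor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
  <saml:AuthzDecisionStatement Resource="https://sp.example.com/reports" Decision="Permit">
    <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml:Action>
  </saml:AuthzDecisionStatement>
</saml:Assertion>"""


def parse_utc(value):
    """Parse the usual SAML xs:dateTime form 'YYYY-MM-DDTHH:MM:SSZ' as an aware UTC datetime."""
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def parse_assertion(xml_text):
    """Return issuer R, subject S, conditions C and the three statement types of an assertion."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % SAML_NS:
        raise ValueError("not a SAML 2.0 Assertion element: %s" % root.tag)
    cond = root.find("saml:Conditions", NS)
    window = {k: cond.get(k) for k in ("NotBefore", "NotOnOrAfter")} if cond is not None else {}
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "subject": root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip(),
        "not_before": parse_utc(window["NotBefore"]) if window.get("NotBefore") else None,
        "not_on_or_after": parse_utc(window["NotOnOrAfter"]) if window.get("NotOnOrAfter") else None,
        "audiences": [(a.text or "").strip()
                      for a in root.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)],
        # Authentication statements: subject S was authenticated at time T using method M
        "authn": [
            {"instant": parse_utc(s.get("AuthnInstant")),
             "method": s.findtext("saml:AuthnContext/saml:AuthnContextClassRef", default="", namespaces=NS).strip()}
            for s in root.findall("saml:AuthnStatement", NS)
        ],
        # Attribute statements: subject S has attribute A with value(s) a
        "attributes": {
            attr.get("Name"): [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
            for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS)
        },
        # Authorization decision statements: Permit/Deny/Indeterminate for actions on a resource
        "authz": [
            {"resource": d.get("Resource"), "decision": d.get("Decision"),
             "actions": [(a.text or "").strip() for a in d.findall("saml:Action", NS)]}
            for d in root.findall("saml:AuthzDecisionStatement", NS)
        ],
    }


def check_assertion(parsed, trusted_issuer, own_entity_id, now, skew=dt.timedelta(seconds=0)):
    """Apply the service provider's acceptance checks; an empty list means the assertion is usable."""
    failures = []
    if parsed["issuer"] != trusted_issuer:
        failures.append("issuer not trusted")
    if parsed["not_before"] is None or parsed["not_on_or_after"] is None:
        failures.append("missing validity window")
    else:
        if now + skew < parsed["not_before"]:
            failures.append("assertion not yet valid")
        if now - skew >= parsed["not_on_or_after"]:  # NotOnOrAfter is exclusive
            failures.append("assertion expired")
    if own_entity_id not in parsed["audiences"]:
        failures.append("audience restriction does not name this service provider")
    if not parsed["authn"]:
        failures.append("no authentication statement")
    return failures


if __name__ == "__main__":
    a = parse_assertion(SAMPLE_ASSERTION)
    print(check_assertion(a, "https://idp.example.org", "https://sp.example.com", parse_utc("2024-05-01T12:01:00Z")))
```

The audience check is the one most often skipped in hand-rolled code: without it, an assertion the identity provider issued for a different service provider is accepted here as well. The `skew` parameter exists because identity provider and service provider clocks are rarely in perfect sync; keep it to a few minutes at most, since it extends the window in which a replayed assertion is still accepted.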
See also
- Shibboleth (Internet)
- Liberty Alliance Project
- JSR-155: specified APIs supporting the exchange of SAML assertions (withdrawn on February 18, 2010; status: Withdrawn).