Security Assertion Markup Language

The Security Assertion Markup Language (SAML for short) is an XML framework for exchanging authentication and authorization information. It provides functions to describe and transmit security-related information.

SAML was developed from 2001 onward by the OASIS consortium, whose members include companies such as Sun Microsystems, IBM, Nokia and SAP. It was developed with the following applications in mind:

  • Single sign-on (after logging on to one Web application, a user is automatically entitled to use other applications).
  • Distributed transactions (several users work together on a transaction and share the security information).
  • Authorization services (communication with a service runs via an intermediary that checks the authorization).

These services were intended to be offered primarily for Web services.

SAML consists of SAML assertions, the SAML protocol, SAML bindings and profiles.

Structure of SAML

SAML assertions

A SAML assertion contains statements of the form:

    ...

These statements describe facts that relate to a subject:

Assertion A was issued at time t by issuer R regarding subject S under the condition C.
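
To make the A, t, R, S and C of the sentence above concrete, the following added example (not part of the original article) parses a constructed, unsigned assertion and checks its conditions as a service provider would. It assumes SAML 2.0 element names; the entity IDs and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample assertion (unsigned, illustrative values only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.org</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _ts(value):
    # Assumes UTC timestamps without fractional seconds, as in the sample.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def read_assertion(xml_text):
    """Return assertion A's parts: time t, issuer R, subject S, conditions C."""
    # For untrusted input, use a hardened XML parser instead of the stdlib one.
    a = ET.fromstring(xml_text)
    cond = a.find("saml:Conditions", NS)
    if a.tag != "{%s}Assertion" % NS["saml"] or cond is None:
        raise ValueError("not a SAML 2.0 assertion with conditions")
    return {
        "id": a.get("ID"),                                          # A
        "issued_at": _ts(a.get("IssueInstant")),                    # t
        "issuer": a.findtext("saml:Issuer", namespaces=NS),         # R
        "subject": a.findtext("saml:Subject/saml:NameID", namespaces=NS),  # S
        "not_before": _ts(cond.get("NotBefore")),                   # C
        "not_on_or_after": _ts(cond.get("NotOnOrAfter")),           # C
        "audiences": [e.text for e in cond.iterfind(".//saml:Audience", NS)],
    }


def conditions_hold(info, now, expected_issuer, own_entity_id):
    """Service-provider check of R and C; any failed test rejects the assertion."""
    # Signature verification is not shown and must succeed before these fields are trusted.
    return (
        info["issuer"] == expected_issuer
        and info["not_before"] <= now < info["not_on_or_after"]
        and own_entity_id in info["audiences"]
    )
```
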

SAML assertions are transferred from the identity provider to the service provider. Assertions are statements that a service provider uses to decide whether to permit access. SAML uses three types of statements: