SAML
Home > Financial Services Information Security Definitions - SAML
SearchFinancialSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

SAML

Show me everything on Financial transaction protocols and security

DEFINITION - SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites. SAML is designed for business-to-business (B2B) and business-to-consumer (B2C) transactions.

SAML specifies three components: assertions, protocol, and binding. There are three assertions: authentication, attribute, and authorization. Authentication assertion validates the user's identity. Attribute assertion contains specific information about the user. And authorization assertion identifies what the user is authorized to do.

Protocol defines how SAML asks for and receives assertions. Binding defines how SAML message exchanges are mapped to Simple Object Access Protocol (SOAP) exchanges. SAML works with multiple protocols including Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP) and also supports SOAP, BizTalk, and Electronic Business XML (ebXML). The Organization for the Advancement of Structured Information Standards (OASIS) is the standards group for SAML.

Getting started with SAML
To explore how the SAML is used in the enterprise, here are some additional resources:
Identity federation standards ease authentication pains
Federation frameworks like SAML and OpenID can make authentication easier on organizations. Learn how these frameworks compare and which one is right for your corporation.

Learn more about Financial transaction protocols and security
Identity management for financial firms in turbulent times: Mark Diodati explains how financial services firms are stepping up their identity management efforts
How to communicate the value of security controls for online transactions: Draw analogies to the physical world in order to convey the importance of security controls for online transactions.
Mobile payment adoption risks: Rick Lawhorn lays out the top three risk factors and what your company should do to help overcome them.
Protecting third party processes on all levels: Financial firms have numerous third party partnerships, but these partnerships come with security risks. Compliance expert Richard Mackey explains how to assess the risk.
Case study: How outsourcing services enable PCI DSS compliance: Qualified Security Assessor Spyro Malspinas recounts his consulting experience with ACME and explains how a decision to outsource can lead to some surprising compliance benefits.

CONTRIBUTORS: Gerard Enter
LAST UPDATED: 13 May 2009

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- OASIS provides more information about SAML and its standards status.





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
FDIC: Educate business customers about the need for security
Criminals are targeting banks' business customers and stealing their online credentials to make fraudulent wire and ACH transfers, agency says.
Financial institutions reported more suspected fraud in 2008
FinCEN says number of Suspicious Activity Report filings related to fraud increased last year. However, experts say banks are cutting back on AML...
Controls monitoring helps with governance, risk and compliance
Gartner says continuous controls monitoring for transactions is a GRC technology that promises to reduce compliance costs and improve financial...

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
CTCI (Computer-to-computer interface)  (SearchFinancialSecurity.com)
Computer-to-computer interface (CTCI) is a digital communications protocol that allows customers of the NASDAQ (National Association of Securities...
DROP (delivery of real-time execution information protocol)  (SearchFinancialSecurity.com)
DROP (delivery of real-time execution information protocol) is a feature of various NASDAQ (National Association of Securities Dealers Automated...




SAML White Papers by Financial Security Experts
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts