SAML
SearchFinancialSecurity.com Definitions (Powered by WhatIs.com)


DEFINITION - SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites. SAML is designed for business-to-business (B2B) and business-to-consumer (B2C) transactions.

SAML specifies three components: assertions, protocol, and binding. There are three types of assertion: authentication, attribute, and authorization. An authentication assertion validates the user's identity. An attribute assertion contains specific information about the user. An authorization assertion identifies what the user is authorized to do.

Protocol defines how SAML asks for and receives assertions. Binding defines how SAML message exchanges are mapped to Simple Object Access Protocol (SOAP) exchanges. SAML works with multiple protocols including Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP) and also supports SOAP, BizTalk, and Electronic Business XML (ebXML). The Organization for the Advancement of Structured Information Standards (OASIS) is the standards group for SAML.

Getting started with SAML
To explore how SAML is used in the enterprise, here are some additional resources:
Identity federation standards ease authentication pains
Federation frameworks like SAML and OpenID can make authentication easier on organizations. Learn how these frameworks compare and which one is right for your corporation.


CONTRIBUTORS: Gerard Enter
LAST UPDATED: 13 May 2009


More resources from around the web:
- OASIS provides more information about SAML and its standards status.




