SAML
SearchFinancialSecurity.com Definitions (Powered by WhatIs.com)

DEFINITION - SAML (Security Assertion Markup Language) is an Extensible Markup Language (XML) standard that allows a user to log on once for affiliated but separate Web sites. SAML is designed for business-to-business (B2B) and business-to-consumer (B2C) transactions.

SAML specifies three components: assertions, protocol, and binding. There are three types of assertion: authentication, attribute, and authorization. An authentication assertion validates the user's identity. An attribute assertion contains specific information about the user. An authorization assertion identifies what the user is authorized to do.

The protocol defines how SAML asks for and receives assertions. The binding defines how SAML message exchanges are mapped to Simple Object Access Protocol (SOAP) exchanges. SAML works with multiple protocols, including Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), and File Transfer Protocol (FTP), and also supports SOAP, BizTalk, and Electronic Business XML (ebXML). The Organization for the Advancement of Structured Information Standards (OASIS) is the standards group for SAML.

Getting started with SAML
To explore how SAML is used in the enterprise, here are some additional resources:
Identity federation standards ease authentication pains
Federation frameworks like SAML and OpenID can make authentication easier on organizations. Learn how these frameworks compare and which one is right for your corporation.

CONTRIBUTORS: Gerard Enter
LAST UPDATED: 13 May 2009

Read more about SAML:
- SearchSecurity has a collection of links related to SAML.
- OASIS provides more information about SAML and its standards status.


All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy