SAML

SAML specifies three components: assertions, protocol, and binding. There are three assertions: authentication, attribute, and authorization. Authentication assertion validates the user's identity. Attribute assertion contains specific information about the user. And authorization assertion identifies what the user is authorized to do.

Protocol defines how SAML asks for and receives assertions. Binding defines how SAML message exchanges are mapped to Simple Object Access Protocol (SOAP) exchanges. SAML works with multiple protocols including Hypertext Transfer Protocol (HTTP), Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP) and also supports SOAP, BizTalk, and Electronic Business XML (ebXML). The Organization for the Advancement of Structured Information Standards (OASIS) is the standards group for SAML.

Read more about SAML: - SearchSecurity has a collection of links related to SAML. - OASIS provides more information about SAML and its standards status.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Protecting third party processes on all levels Financial firms have numerous third party partnerships, but these partnerships come with security risks. Compliance expert Richard Mackey explains how... Case study: How outsourcing services enable PCI DSS compliance Qualified Security Assessor Spyro Malspinas recounts his consulting experience with ACME and explains how a decision to outsource can lead to some... SAML ratification enables vendor interoperability Ratification of the Security Assertion Markup Language (SAML) opens the door for vendors to begin developing and shipping products that support the...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CTCI (Computer-to-computer interface)  (SearchFinancialSecurity.com) Computer-to-computer interface (CTCI) is a digital communications protocol that allows customers of the NASDAQ (National Association of Securities... DROP (delivery of real-time execution information protocol)  (SearchFinancialSecurity.com) DROP (delivery of real-time execution information protocol) is a feature of various NASDAQ (National Association of Securities Dealers Automated...