Security Assertion Markup Language (SAML)
SAML is a vendor-neutral, XML-based framework for exchanging security information, being developed by the OASIS XML-based Security Services Technical Committee (SSTC). It defines XML/SOAP-based protocol interactions that support real-time authentication and authorization across federated Web services environments.
The standard defines request and response messages that security domains use to exchange authentication, attribute and authorization information in the form of trust-assertion messages about named users and resources. Users log on to their home domains through authentication techniques such as ID/password or Kerberos, and this authentication is communicated to a federated destination site through a SAML authentication assertion.

SAML is designed to deliver interoperability between compliant Web access management and security products. This means that users should be able to sign on at one Web site and have their security credentials transferred automatically to partner sites, enabling them to authenticate once to access systems and resources through Web sites maintained by associated business partners.
The SAML specification doesn't define any new technology or approaches for authentication. Rather, it establishes assertion and protocol schemata for the documents that transport security information. By defining how identity and access information is exchanged, SAML presents a common language through which organizations can communicate without having to modify their own internal security architectures.
SAML is designed to work with HTTP, SMTP, FTP and several XML frameworks, including SOAP and ebXML.