My blog has moved and can now be found at http://blog.aniljohn.com

Saturday, April 22, 2006

Someone on one of the OASIS lists asked for a “SAML Elevator Pitch”. Eve Maler [Sun] pointed to her “SAML in a technical nutshell” [PDF] slide deck. Good read!

SAML in a technical nutshell:

  • XML-based framework for marshaling security and identity information and exchanging it across domain boundaries
    • Wraps existing security technologies rather than inventing new ones
    • Its profiles offer interop for a variety of use cases, but you can extend and profile it further
  • At SAML's core: assertions about subjects
    • Assertions contain statements: authentication, attribute, entitlement, or roll-your-own

Key use cases covered by SAML out-of-the-box:

  • Single sign-on
    • Using standard browsers
    • Using enhanced HTTP clients (such as hand-held devices) that know how to interact with IdPs but are not SOAP-aware
  • Identity federation
    • Using a well-known name or attribute
    • For anonymous users by means of attributes
    • Using a privacy-preserving pseudonym
  • Attribute services
    • Getting attributes that can be interpreted according to several common attribute/directory technologies
  • Single logout