| SAML | |
|---|---|
| Name | Security Assertion Markup Language |
| Developer | OASIS |
| Latest release version | 2.0 |
| Latest release date | 2005 |
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider. It is an XML-based framework that allows separate security domains to share user identity information, enabling single sign-on across different systems. Developed under the auspices of the OASIS consortium, it has become a foundational technology in enterprise identity management and federated access.
The primary function of the protocol is to enable single sign-on, allowing users to authenticate once and gain access to multiple, independent applications. It operates within a federated identity model, in which trusted entities exchange standardized assertions about a principal. These assertions, which are digitally signed, convey statements about authentication events, user attributes, and authorization decisions. The major profiles are widely supported by vendors, for example by Microsoft in its Active Directory Federation Services, and the standard forms the backbone of many government and educational federation projects such as InCommon.
The core components of the specification are assertions, protocols, bindings, and profiles. An assertion is a package of security information containing authentication statements, attribute statements, and authorization decision statements. The protocols define how requests and responses for assertions are made, typically using SOAP over HTTP. Bindings map these protocol messages onto standard messaging formats and transport protocols, while profiles combine and constrain assertions, protocols, and bindings for specific use cases, such as the Web Browser SSO Profile. The entire framework relies heavily on public key cryptography for signing and encryption, using the XML Signature and XML Encryption standards.
A dominant application is enterprise single sign-on, allowing employees to access internal resources like the Salesforce customer relationship management platform or Google Workspace without repeated logins. It is critical in higher education, enabling students and researchers to access journal repositories like JSTOR and learning management systems like Canvas through federations. Government services, such as those offered by the United States Department of Defense via its Common Access Card, also utilize the standard for secure access. Furthermore, it enables secure business-to-business integration and access to cloud computing services from providers like Amazon Web Services.
While robust, implementations must guard against several attack vectors. These include man-in-the-middle attacks on the communication flow, XML signature wrapping attacks that cause a valid signature to be accepted for content it does not actually cover, and improper handling of assertion expiration times. Reliance on the security of the identity provider is absolute, which makes it a high-value target for attackers. Best practices mandate strong cryptography, strict message validation, and replay prevention for assertions. Security audits of deployments are often aligned with frameworks such as the NIST Special Publication 800-63 guidelines on digital identity.
The standard was first developed in 2001 by the OASIS Security Services Technical Committee, with significant early contributions from organizations such as Netegrity and IBM. Version 1.0 was ratified in 2002. The more widely adopted SAML 2.0 was released in 2005 and harmonized the earlier versions with related standards from the Liberty Alliance and the Shibboleth project. Its development has been shaped by the broader need for internet-scale federated identity, competing and sometimes interoperating with later standards such as OpenID Connect and OAuth. Key milestones in its adoption include its integration into the eGovernment frameworks of nations such as Norway and its specification within the United States Federal Identity, Credential, and Access Management program.