security assertion markup language (SAML)
Security Assertion Markup Language (SAML) is a security assertion markup language that belongs to Web services and supports the secure exchange of authentication and authorization information between partners' security systems and e-business platforms.
In SAML, an XML-basedframework, the user submits his username and password to the authentication entity - which can be an Identity Provider( IdP).
This instanceverifies the authentication and generates the security-related information, the SAML assertions, which are transmitted to the service provider summarized in a SAML token. With the SAML token, the user can access secured areas at the service provider. The token is checked again on access and the decision is made on the basis of the attributes as to which areas the user is allowed to access. This is attached to the token in the form of an assertion and presented to the business partner.
SAML uses elements of HTTP and the Simple Object Access Protocol ( SOAP) in addition to the Extensible Markup Language(XML).