Security Assertion Markup Language

Security Assertion Markup Language (SAML, pronounced SAM-el, /ˈsæməl/)^[1] is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). SAML is also:

A set of XML-based protocol messages
A set of protocol message bindings
A set of profiles (utilizing all of the above)

An important use case that SAML addresses is web-browser single sign-on (SSO). Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending SSO across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The SAML Web Browser SSO profile was specified and standardized to promote interoperability.^[2]

^ "What is SAML? - A Word Definition From the Webopedia Computer Dictionary". Webopedia.com. 25 June 2002. Retrieved 2013-09-21.
^ J. Hughes et al. Profiles for the OASIS Security Assertion Markup Language (SAML) 2.0. OASIS Standard, March 2005. Document identifier: saml-profiles-2.0-os http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf (for the latest working draft of this specification with errata, see: https://www.oasis-open.org/committees/download.php/56782/sstc-saml-profiles-errata-2.0-wd-07.pdf)

[ISnTY-1] "What is SAML? - A Word Definition From the Webopedia Computer Dictionary". Webopedia.com. 25 June 2002. Retrieved 2013-09-21.

[SAMLProf20-2] J. Hughes et al. Profiles for the OASIS Security Assertion Markup Language (SAML) 2.0. OASIS Standard, March 2005. Document identifier: saml-profiles-2.0-os http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf (for the latest working draft of this specification with errata, see: https://www.oasis-open.org/committees/download.php/56782/sstc-saml-profiles-errata-2.0-wd-07.pdf)

[1]

[2]