Security Assertion Markup Language - SAML

The problem scenario?

There were many ways to exchange data between Identity Providers and Service Providers. But an adversary may tamper with the communication channel and obtain the sensitive data that is used in authentication and authorization protocols.

The Solution provided by SAML? 

Three parties are derived from the above problem scenario.
  • The Principal
  • Identity Provider : An identity authority that provides an identity assertion about a user to a service provider
  • Service Provider
Typically the principal is the end user who requires access to a service or resource of a service provider.

What is SAML?

SAML stands for Security Assertion Markup Language. SAML is a standard and a markup language. It is something like HTML. SAML is an XML-based data format, which is used to exchange authentication and authorization data between an identity provider and a service provider.

In HTML you specify the interface elements using tags. In SAML you use tags to specify the elements that make up an assertion. It is used to exchange authentication and authorization data between security domains, i.e. between an Identity Provider and a Service Provider.

What is not SAML?

SAML is not a protocol and should not be confused with OAuth, OpenID and other authorization and authentication protocols. The SAML spec specifies various protocols, but SAML itself is not a protocol.

To be specific, it does not authenticate or authorize any entity. SAML is used as a language in such processes.

Why should you use SAML?

How does it work?
