Security Assertion Markup Language (SAML)


  • A federated network or cloud needs specific protocols and technologies to:
    • implement user identity assertions
    • and transmit claims between the principal, the relying party, and the identity provider
  • SAML is one such protocol

Security Assertion Markup Language (SAML) is an XML-based data format used to exchange authentication information between a client and a service.

  • SAML assertions (claims) are written in eXtensible Markup Language (XML)
  • Communications are established using HTTP/HTTPS and the Simple Object Access Protocol (SOAP)
    • XML-based web services protocol that is used to exchange messages
  • the secure tokens are signed using the XML signature specification
  • use of a digital signature allows the relying party to trust the identity provider
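Added example, not part of the original notes: a constructed SAML 2.0 assertion (placeholder signature, made-up hosts) parsed with the Python standard library, followed by the checks a relying party performs before trusting it. Cryptographic verification of the XML Signature is assumed to be done by a separate XMLDSig library and its result is passed in as signature_ok; the function name check_assertion and the sample values are assumptions made here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespaces defined by the SAML 2.0 and XML Signature specifications.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample assertion (not real IdP output): the identity provider
# idp.example.org asserts that the principal alice@example.org is authenticated,
# for the relying party rp.example.com. The ds:SignatureValue is a placeholder.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1b2c3" Version="2.0"
    IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1b2c3"/></ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:55:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://rp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    """Parse a SAML UTC timestamp such as 2024-05-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, trusted_issuer, my_audience, now, signature_ok):
    """Relying-party checks on one assertion. Returns (accepted, name_id, reason).
    signature_ok is the outcome of XML-Signature verification performed by an
    external XMLDSig library (assumed); everything else is checked here."""
    root = ET.fromstring(xml_text)
    # 1. The assertion must come from the identity provider we trust.
    if root.findtext("saml:Issuer", namespaces=NS) != trusted_issuer:
        return False, None, "untrusted issuer"
    # 2. The signature must actually cover this assertion (Reference URI = #ID).
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + root.get("ID"):
        return False, None, "signature does not cover this assertion"
    if not signature_ok:
        return False, None, "signature verification failed"
    # 3. The assertion must be within its validity window.
    cond = root.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, None, "assertion outside validity window"
    # 4. The assertion must be addressed to this relying party, not another one.
    audiences = [a.text for a in root.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if my_audience not in audiences:
        return False, None, "assertion not intended for this relying party"
    return True, root.findtext("saml:Subject/saml:NameID", namespaces=NS), "ok"
```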

Info

  • Most other federated identity frameworks use the service provider terminology
    • e.g., OAuth
  • In SAML, the service provider is referred to as a relying party (RP).

Example

An example of a SAML implementation is Amazon Web Services (AWS).

  • AWS functions as a SAML relying party
    • allows companies using AWS to
      • develop cloud applications to manage their customers’ user identities
      • and provide them with permissions on AWS without having to create accounts for them on AWS directly

SAML Authentication

  • 3 actors in a SAML request
    • Principal
      • end-user wanting to use a server
    • Identity provider
      • organization providing proof of identity
    • Service provider
      • web-based server that the end-user wants to access