SAML (Security Assertion Markup Language)
SAML is the Security Assertion Markup Language.
SAML is a derivative of XML which is designed for the exchange of authentication and authorization data.
The purpose of SAML is to enable Single Sign-On for web applications.
SAML utilizes TLS to ensure the confidentiality of authentication and authorization data during transit.
SAML Standards
SAML is defined by the Organization for the Advancement of Structured Information Standards (OASIS).
| saml-conformance-2.0-os | Conformance Requirements |
| saml-core-2.0-os | Assertions and Protocols |
| saml-bindings-2.0-os | Bindings |
| saml-profiles-2.0-os | Profiles |
| saml-metadata-2.0-os | Metadata |
| saml-authn-context-2.0-os | Authentication Context |
| saml-sec-consider-2.0-os | Security and Privacy Considerations |
| saml-glossary-2.0-os | SAML Glossary |
SAML Alternatives
WS-Security is a SOAP-based protocol for sharing authentication and authorization information.
WS-Security was developed developed by IBM, Microsoft, and Verisign.
The WS-Security standard has now been transferred to OASIS for further development.
|
|
- LDAP Security Issues
RFC 2829 – Authentication Methods for LDAP defines the basic threats to an LDAP directory service: Unauthorized access to data via data-fetching operations, Unauthorized access to reusable client authentication information by monitoring others' access, Unauthorized access to data by monitoring others' access, Unauthorized modification of data, Unauthorized modification of configuration, Unauthorized or excessive use of [...]...
- Federated Identity Management
Federated Identity Management is a version of Single Sign-On where each device, system, and application queries a centralized database for authentication and authorization information. In addition to the goals of any other identity management system, Federated Identity Management systems are tasked with enabling authentication and authorization data across organizational boundaries. In a true Federated Identity [...]...
- How to Configure Wireless Security
Wireless security is used to limit the scope of users that have access to services you install when implementing a wireless access point or wireless router device. These devices are used to provide convenient intranet and/or Internet access without having to run cable through buildings or other areas of coverage where return on investment is [...]...
- AAA (Authentication, Authorization, and Accounting)
AAA (Authentication, Authorization, and Accounting) is a model for access control. Authentication Authentication is proving who you are. Authentication answers the question Who is this person? Authentication is the first component of the AAA (Authentication, Authorization, and Accounting) model for access control. Authentication must precede Authorization, because you must prove who you are before the [...]...
- SQL (Structured Query Language)
SQL (Structured Query Language) is the most common standardized database language used to create, retrieve, access, modify, controland manage relational databases. SQL is a querying language exclusively designed for controlling data and managing databases effectively. SQL was originally developed by IBM (International Business Machines Corporation) in the 1970's for their DB2 RDBMS. The team of [...]...