Security Assertion Markup Language
Security Assertion Markup Language (SAML) is an XML-based AAA (authentication, authorization and accounting) mechanism that is starting to take off as a prominent way of doing web-based single sign-on (SSO) between different enterprises (or partners). The main reason for its success is that it takes the complexity of handling authentication away from the enterprises that actually provide the service. This advantage is amplified in multi-tenanted environments, and it means that the two different environments can evolve at their own speeds.
SAML, conceptually, has three entities:
The User with their browser.
A Service Provider (SP), who is responsible for providing the resource, such as a web page.
An Identity Provider (IDP), who is responsible for confirming to the SP that a User is who they say they are and, when needed, providing additional attributes about the User that the SP can then use to make a decision on granting access to the service. The messaging units (formatted in XML) used to present...