Contributing Writer

Get savvy about SAML

May 21, 2003, 2 mins
Enterprise Applications, Programming Languages

* Single sign-on with SAML

If you build it, they will come. That’s the hope for the Security Assertion Markup Language (SAML): that it will help boost the adoption of single sign-on.

SAML offers a structure for carrying out single sign-on authentication. However, Web sites must agree to trust each other’s methods for authenticating before SAML can truly be effective.

SAML works like this: a user logs on to a Web site and is authenticated. If the user wants to leave that site to access another SAML-enabled site, a sort of handshake is done to check authorization, and the user is either allowed or denied permission to head to the next site. All this is done transparently to the user – in other words, they don’t have to log on to yet another site.

SAML, a form of XML, has three components: authentication, authorization and attribution, according to the Organization for the Advancement of Structured Information Standards (OASIS). Authentication validates the user who is requesting access; authorization shows what the user is able to do; and attribute offers details about the user or computer. These components can be applied to business-to-business transactions and business-to-consumer transactions that involve live users or automated computers.

SAML works in conjunction with the Simple Object Access Protocol, a critical element of Web services, as well as BizTalk and e-business XML. Version 1.0 of the SAML standard was approved in November by OASIS. OASIS is looking to SAML to provide Web-based security interoperability functions that are currently lacking in other Web services standards.

But SAML has a hook. In order for it to be successful, networks of Web sites need to employ similar authorities, attributes and assertions about a user so that handoffs are clearly understood. If that happens, SAML will help propel e-commerce and Internet usage as a whole to a new level.
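The handoff and the three components described above, as an added example that is not from the original article: the second site evaluating a SAML 1.0 assertion it receives. The issuer, user, attribute, resource and trusted-issuer list are constructed for illustration, and XML signature verification, which a real deployment needs, is not performed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"s": "urn:oasis:names:tc:SAML:1.0:assertion"}
TRUSTED_ISSUERS = {"https://idp.example.com"}  # assumption: agreed between the sites out of band
SUBJ = "<s:Subject><s:NameIdentifier>alice@example.com</s:NameIdentifier></s:Subject>"
# Constructed SAML 1.0 assertion; issuer, user, attribute and resource are hypothetical.
SAMPLE = f"""<s:Assertion xmlns:s="{NS['s']}" MajorVersion="1" MinorVersion="0"
    AssertionID="example-0001" Issuer="https://idp.example.com" IssueInstant="2003-05-21T12:00:00Z">
  <s:Conditions NotBefore="2003-05-21T12:00:00Z" NotOnOrAfter="2003-05-21T12:05:00Z"/>
  <s:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2003-05-21T11:59:30Z">{SUBJ}</s:AuthenticationStatement>
  <s:AttributeStatement>{SUBJ}
    <s:Attribute AttributeName="role" AttributeNamespace="urn:example:attrs">
      <s:AttributeValue>buyer</s:AttributeValue></s:Attribute>
  </s:AttributeStatement>
  <s:AuthorizationDecisionStatement Resource="https://shop.example.com/orders" Decision="Permit">
    {SUBJ}<s:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</s:Action>
  </s:AuthorizationDecisionStatement>
</s:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def evaluate(xml_text, resource, now):
    """Decide as the second site would. Returns (allowed, reason, user, attributes).
    XML signature verification is required in practice and is not done here."""
    a = ET.fromstring(xml_text)
    if a.get("Issuer") not in TRUSTED_ISSUERS:
        return False, "untrusted issuer", None, {}
    cond = a.find("s:Conditions", NS)
    try:
        fresh = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        fresh = False  # missing or malformed validity window: reject
    if not fresh:
        return False, "outside validity window", None, {}
    # Authentication: who the issuing site says logged on.
    user = a.findtext("s:AuthenticationStatement/s:Subject/s:NameIdentifier", namespaces=NS)
    if not user:
        return False, "no authentication statement", None, {}
    # Attribute: asserted details; this example does not re-check their Subject.
    attrs = {at.get("AttributeName"): at.findtext("s:AttributeValue", namespaces=NS)
             for at in a.iterfind("s:AttributeStatement/s:Attribute", NS)}
    # Authorization: a Permit for this resource, about the same subject.
    for d in a.iterfind("s:AuthorizationDecisionStatement", NS):
        if (d.get("Resource") == resource and d.get("Decision") == "Permit"
                and d.findtext("s:Subject/s:NameIdentifier", namespaces=NS) == user):
            return True, "permit", user, attrs
    return False, "no permit for resource", user, attrs
```

The untrusted-issuer branch is the "hook" the article describes: without a prior agreement on which authorities to accept, the second site has no basis for honoring the assertion.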

For more on SAML, including a diagram of how it works, check out Network World’s Tech Update at