Page "Security Assertion Markup Language" ¶ 26
from Wikipedia

Some Related Sentences

SAML and profile
SAML 2.0 completely separates the binding concept from the underlying profile.
A SAML profile describes in detail how SAML assertions, protocols, and bindings combine to support a defined use case.
The most important SAML profile is the Web Browser SSO Profile.

SAML and is
It is used by various Web technologies such as SOAP, SAML, and others.
Security Assertion Markup Language (SAML) is an XML-based solution for exchanging user security information between an enterprise and a service provider.
The SAML protocol is a prominent means used to exchange identity information between two identity domains.
The Identity Governance Framework defines a set of standards to help enterprises easily determine and control how identity related information is used, stored, and propagated in appropriate and secure ways using protocols such as LDAP, SAML, and WS-Trust and ID-WSF.
Security Assertion Markup Language (SAML, pronounced "sam-el") is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
SAML is a product of the OASIS Security Services Technical Committee.
SAML dates from 2001; the most recent update of SAML is from 2005.
The single most important problem that SAML addresses is the web browser single sign-on (SSO) problem.
The resulting SAML V1.1 specification, ratified by the SSTC in September 2003, is widely implemented and deployed today.
Although the two standards address the same use case, SAML 2.0 is incompatible (on the wire) with its predecessor.
SAML is built upon a number of existing standards:
SAML protocol refers to what is transmitted, not how (the latter is determined by the choice of binding).
An important (synchronous) binding is the SAML SOAP binding.
An authorization decision statement asserts that a subject is permitted to perform action A on resource R given evidence E. The expressiveness of authorization decision statements in SAML is intentionally limited.
For the most part, a SAML protocol is a simple request-response protocol.
The most important type of SAML protocol request is called a query.
The result of an attribute query is a SAML response containing an assertion, which itself contains an attribute statement.
A SAML binding is a mapping of a SAML protocol message onto standard messaging formats and/or communications protocols.
For example, the SAML SOAP binding specifies how a SAML message is encapsulated in a SOAP envelope, which itself is bound to an HTTP message.

SAML and defined
These are not defined explicitly, however, and are only used in conjunction with SAML 1.1 Web Browser SSO.

SAML and use
In the use case addressed by SAML, the principal requests a service from the service provider.
SAML does not specify the implementation of the identity provider service; it may use a username/password, it may use multifactor authentication, it may have an opaque implementation.
The primary SAML use case is called Web Browser Single Sign-On (SSO).
On the back channel, SAML specifies the use of SOAP 1.1.

SAML and using
The SP crafts a proprietary authentication request that is passed through the browser using URL query parameters to supply the requester's SAML entityID, the assertion consumption location, and optionally the end page to return the user to.
Federations have been formed in many countries around the world to build trust structures for the exchange of information using SAML and Shibboleth software.

SAML and particular
SAML specifies the assertions between the three parties: in particular, the messages that assert identity that are passed from the IdP to the SP.

SAML and assertions
In SAML, one identity provider may provide SAML assertions to many service providers.
SAML defines XML-based assertions and protocols, bindings, and profiles.
The term SAML Core refers to the general syntax and semantics of SAML assertions as well as the protocol used to request and transmit those assertions from one system entity to another.
So SAML Core defines "bare" SAML assertions along with SAML request and response elements.
SAML assertions are usually transferred from identity providers to service providers.
A SAML protocol describes how certain SAML elements (including assertions) are packaged within SAML request and response elements, and gives the processing rules that SAML entities must follow when producing or consuming these elements.
For trust delegation, UNICORE uses signed SAML assertions, while local authorisation is controlled by XACML policies.

SAML and protocols
A SAML binding determines how SAML requests and responses map onto standard messaging or communications protocols.
Beyond queries, SAML 1.1 specifies no other protocols.
The following protocols are described in detail in SAML 2.0 Core:
Most of these protocols are completely new in SAML 2.0.
Although the concept of trust federations is technology neutral, several protocols like SAML, OpenID, Information Card, XDI can handle the challenges of technical interoperability.
