Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications

    SAML Unlocks Door to Web Services

    By
    Jim Rapoza
    -
    December 9, 2002
    Share
    Facebook
    Twitter
    Linkedin

      Early last month, a key element in using Web services for business applications reached a milestone when SAML 1.0 was released as a standard by the XML consortium OASIS, or Organization for the Advancement of Structured Information Standards.

      Security Assertion Markup Language, which is based on XML, provides a framework for authentication and authorization in Web services—something that has been sorely missing. SAML also makes it possible to provide single-sign-on capabilities, one reason that it is a core technology behind the Liberty Alliances ID management effort.

      Although not all security and access control applications may be up to the final standard specification, many already incorporate some form of SAML support. This isnt surprising, given that the SAML working group comprises representatives from most of the leading authentication vendors.

      However, even if your business isnt using one of these applications, incorporating SAML into your Web services is not difficult. eWeek Labs found the SAML specification to be simple and straightforward. If you can write an XML-based Web service, you can easily define authentication using SAML.

      In its most basic form, SAML associates an identity (such as an e-mail address or a directory listing) with a subject (such as a user or system) and defines the access rights for this, subject to a specific domain.

      One of the biggest strengths of SAML is how well it can interoperate with any kind of system. For example, when it comes to authentication, SAML supports almost everything, from passwords to hardware tokens to public keys to secure certificates. SAML also has built-in support for XML signatures, making it possible to handle not only authentication but also message integrity and nonrepudiation of the sender.

      Web Resources

      • Liberty Alliance home page projectliberty.org
      • SAML information from OASIS www.oasis-open.org/committees/security
      • Technology reports on SAML xml.coverpages.org/saml.html
      • World Wide Web Consortiums XML Signature page www.w3.org/signature
      • W3Cs XML Encryption page www.w3.org/encryption/2001

      The defined transport mech- anism for SAML is Simple Object Access Protocol over HTTP—no surprise, given the standards focus on Web services. However, because of its XML roots, SAML can be easily bound to any other transport mechanism.

      SAML can handle single-sign-on capabilities because a SAML authentication authority can receive and send authentication assertions. This means that as a user authenticates and takes actions in a domain, the SAML authority is aware of past authorizations and assertions.

      One potential weakness in SAML is the lack of backing by Microsoft Corp., which has so far focused on other methods for Web services single sign-on, such as Passport. However, given SAMLs open nature, Microsoft shops should have little difficulty incorporating it into their .Net Web service applications.

      To read the SAML specification document, go to www.oasisopen.org/committees/security/docs/cs-sstc-core-01.pdf.

      East Coast Technical Director Jim Rapoza can be reached at [email protected]

      Jim Rapoza
      Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×