An introduction to identity federation and the SAML standard
Security Assertion Markup Language (SAML), the identity federation standard, enables single sign-on (SSO) and has a wide variety of uses for businesses, government agencies, non-profit organizations and service providers. The major limitation of SAML is that it was never optimized to enable SSO for the new breed of native mobile applications, or for applications that consolidate data and services through API calls from multiple third-party sources. WS-Trust (for SOAP services), OAuth 2.0, an open standard for authorization, and OpenID Connect, which builds on the OAuth specification, have emerged to meet these needs, providing more value and flexibility for users.
This white paper introduces identity federation and SAML and describes why standards like SAML are necessary for implementing scalable, secure federated identity across organizations. It highlights the typical SAML use cases for enterprises, small to medium-sized businesses and organizations acting as service providers. Lastly, it reviews scenarios where SAML integrates with other key federation protocols and compares WS-Federation with SAML, including the advantages and disadvantages of each.