78 The Problem

SAML was designed for resolving the cross-domain single sign-on problem.

SAML introduces the concepts of asserting party and relying party.

In SAML the term assertion has a very specific meaning. It is a special Extensible Markup Language (XML)-based format, precisely described by the SAML specification, which is designed for transporting security information. It can contain authentication statements (Alice signed in using authentication method x), attribute statements (Alice belongs to the Managers group in the AP realm), and other kinds of assertions. The result is an extremely flexible and powerful tool for describing a digital identity or parts of it. The choice of using XML pays off in terms of interoperability and avoids the pitfalls we observed in Kerberos.
The rest of the SAML specification (protocol, bindings, and profiles) deals with the details of how to request an assertion, how to embed assertions in existing protocols and transports, and how to address specific scenarios such as how to solve browser SSO by passing an assertion by value or by reference. The details of the SAML specification, such as all the different browser redirects that may occur while issuing and propagating an assertion, can be fairly complex and are beyond the scope of this discussion.