Sun Java System Access Manager 7 2005Q4 Technical Overview

SAML Specifications

Access Manager uses the Security Assertion Markup Language (SAML) for exchanging security information. SAML sits alongside a system's existing security mechanisms and lets it exchange authentication and authorization information with other services. The SAML 1.0 specification set was submitted to the Organization for the Advancement of Structured Information Standards (OASIS) in March 2002 for standardization by the OASIS Security Services Technical Committee. OASIS is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards.

SAML security information is expressed in the form of an assertion about a subject. A subject is an entity in a particular domain, either human or machine, that the security information concerns. (A person identified by an email address is a subject; so is a printer.) An assertion is a package of verified security information that supplies one or more statements about a subject’s authentication status, access authorization decisions, or attributes. Assertions are issued by a SAML authority. (An authority is a platform or application that has been integrated with the SAML SDK, allowing it to relay security information.) The assertions are received by partner sites that the authority has defined as trusted. A SAML authority can draw the information in an assertion from different sources, including external data stores and assertions it has already received and verified.
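The following is an added example, not code from Access Manager or the SAML SDK: it parses a constructed SAML 1.1 assertion, admits it only if its issuer is one of the partner sites defined as trusted and it is inside its validity window, and reports the subject, the statement types it carries (authentication, attribute) and its attributes. The issuer name, subject and attribute values are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample SAML 1.1 assertion; issuer, subject and attribute values are hypothetical.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="example-assertion-id"
    Issuer="idp.example.com" IssueInstant="2005-10-01T12:00:00Z">
  <saml:Conditions NotBefore="2005-10-01T12:00:00Z" NotOnOrAfter="2005-10-01T12:05:00Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2005-10-01T11:59:58Z">
    <saml:Subject><saml:NameIdentifier>alice@example.com</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>alice@example.com</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="role" AttributeNamespace="urn:example:attrs">
      <saml:AttributeValue>admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

TRUSTED_ISSUERS = {"idp.example.com"}  # partner sites the authority has defined as trusted


def saml_time(value):
    """Parse a SAML UTC timestamp such as 2005-10-01T12:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_assertion(xml_text, now, trusted_issuers=TRUSTED_ISSUERS):
    """Describe an assertion's issuer, subjects, statement types and attributes.
    Raises ValueError for an untrusted issuer or an assertion outside its validity window.
    (XML signature verification, which must precede trust in practice, is not shown.)"""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML 1.x assertion")
    issuer = root.get("Issuer")
    if issuer not in trusted_issuers:
        raise ValueError("untrusted issuer: %r" % issuer)
    cond = root.find("saml:Conditions", NS)
    if cond is not None and not (saml_time(cond.get("NotBefore")) <= now < saml_time(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    subjects = {n.text for n in root.findall(".//saml:Subject/saml:NameIdentifier", NS)}
    statements = [c.tag.split("}")[1] for c in root if c.tag.endswith("Statement")]
    attrs = {a.get("AttributeName"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall(".//saml:Attribute", NS)}
    return {"issuer": issuer, "subjects": subjects, "statements": statements, "attributes": attrs}
```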