As befits a general framework for communicating security and identity information, SAML is being applied in a number of different ways, some of which are presented here.

Web SSO: In Web single sign-on, a user authenticates to one web site and then, without additional authentication, is able to access some personalized or customized resources at another site. SAML enables web SSO through the communication of an authentication assertion from the first site to the second which, if confident of the origin of the assertion, can choose to log in the user as if they had authenticated directly.

Attribute-based authorization: Similar to the Web SSO scenario, the attribute-based authorization model has one web site communicating identity information about a subject to another web site in support of some transaction. However, the identity information may be some characteristic of the subject (such as a person's role in a B2B scenario) rather than, or in addition to, information about when and how the person was authenticated. The attribute-based authorization model is important when the individual's particular identity is either not important, should not be shared (for privacy reasons), or is insufficient on its own.

Securing Web services: SAML assertions can be used within SOAP messages in order to carry security and identity information between actors in Web service transactions. The SAML Token Profile of the OASIS WS-Security TC specifies how SAML assertions should be used for this purpose. The Liberty Alliance's Identity Web Service Framework (ID-WSF) also uses SAML assertions as the base security token for enabling secure and privacy-respecting access to Web services.

See also:

- SAML Executive Overview
- SAML Technical Overview