The Security Assertion Markup Language (SAML) is an XML-based framework for communicating user authentication, entitlement, and attribute information. It was developed and continues to be advanced by the Security Services Technical Committee of the open standards consortium, OASIS (Organization for the Advancement of Structured Information Standards).

As its name suggests, SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise application.

Prior to SAML, there was no XML-based standard that enabled exchange of security information between a security system (such as an authentication authority) and an application that trusts the security system. SAML provides a standard XML representation for specifying this information and interoperable ways to exchange and obtain it.

SAML is a flexible and extensible standard designed to be used - and customized if necessary - by other by other standards. The Liberty Alliance, the Internet2 Shibboleth project, and the OASIS Web Services Security (WS- Security) Technical Committee have all adopted SAML as a technological underpinning for various purposes.

SAML has emerged as the gold standard for federated identity. By defining standardized
mechanisms for the communication of security and identity information between business partners, SAML makes federated identity, and the crossdomain transactions that it enables, a reality. Importantly, with SAML V2.0, the industry has taken a key step towards convergence in the federated identity management standards space.

See also:

- SAML Executive Overview
- SAML Technical Overview