The SAML XML.org web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.
WS-Security OASIS Standard
The Web Services Security (WS-Security) OASIS Standard specifies how SOAP messages can have their integrity and confidentiality ensured.
WS-Security defines a framework for securing SOAP messages, with the specifics being defined in profiles determined by the nature of the security token used to carry identity information. So, for instance, there are different profiles of WS-Security for various different security token formats such as X.509 certificates and Kerberos tickets.
WS-Security and SAML
The WS-Security SAML token profile specifies how SAML assertions can be used to provide message security.
Additionally, SAML itself points to WS-Security as an approved mechanism for securing SOAP messages carrying SAML protocol messages and assertions.