The SAML XML.org web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.
Diff for Advantages of SAML
Wed, 2007-12-12 22:00 by carolgeyer | Wed, 2007-12-12 22:56 by carolgeyer | ||
---|---|---|---|
Changes to Body | |||
Line 62 | Line 62 | ||
</li>
| </li>
| ||
</ul>
| </ul>
| ||
+ | <br />
| ||
+ | <h3>See also:</h3>
| ||
+ | <p>
| ||
+ | - <a href="http://www.oasis-open.org/committees/download.php/11785/sstc-saml-exec-overview-2.0-draft-06.pdf">SAML Executive Overview</a><br />
| ||
+ | - <a href="http://www.oasis-open.org/committees/download.php/11511/sstc-saml-tech-overview-2.0-draft-03.pdf">SAML Technical Overview</a>
| ||
+ | </p>
| ||
Advantages of SAML
SAML benefits a diverse group. It allows security systems and application software to be developed and evolve independently. This is because SAML provides a set of interoperable standard interfaces. Standardizing the interfaces between systems allows for faster, cheaper, and more reliable integration. As more profiles of SAML usage are developed, these benefits will be opened up to more and different kinds of access management.
Producers of security software benefit by having standard schemas and protocols for expressing security information. Application developers benefit by decoupling their software from the underlying security infrastructure. Finally, end users benefit because SAML promotes single sign-on (the ability to use a variety of Internet resources without having to log in repeatedly) and a more personalized user experience that can nonetheless be made privacy-friendly.
Following are some more concrete benefits of SAML:
-
Platform neutrality. SAML abstracts the security framework away from platform architectures and particular vendor implementations. Making security more independent of application logic is an important tenet of Service-Oriented Architecture.
-
Loose coupling of directories. SAML does not require user information to be maintained and synchronized between directories.
-
Improved online experience for end users. SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. In addition, identity federation (linking of multiple identities) with SAML allows for a better-customized user experience at each service while promoting privacy.
-
Reduced administrative costs for service providers. Using SAML to 'reuse' a single act of authentication (such as logging in with a username and password) multiple times across multiple services can reduce the cost of maintaining account information.This burden is transferred to the identity provider.
-
Risk transference. SAML can act to push responsibility for proper management of identities to the identity provider, which is more often compatible with its business model than that of a service provider.