It's all about simplifying security. SAML, which has its roots in consumer-based e-commerce, is catching on in the enterprise because it frees you from getting tied down to one vendor's identity system or authentication method. Rather than having each application use a different authentication scheme, all applications speak SAML.
SAML 1.1 is an XML framework developed by OASIS (Organization for the Advancement of Structured Information Standards). It's used for Web single sign-on in the Liberty Alliance specification 1.1 as well as for authentication services in the alliance's Web Services Security specification. (For more on the Liberty Alliance spec, see "Give Me Liberty?" and "Making ID Management Manageable".) Web services are emerging as a hot spot for SAML: Provisioning packages such as Novell's Nsure and Computer Associates' eTrust Admin soon will support SAML. Meanwhile, key software vendors, including CrossLogix, IBM's Tivoli Systems, Netegrity, Novell, Oblix, RSA Security and Sun Microsystems, offer support for SAML in their security applications. And Microsoft's new .Net Server operating system will come with SAML support, too (for more on Web Services Security, see "Dive Carefully".
The link for this article located at SecurityPipeline is no longer available.