SAML (Security Assertion Markup Language)
It’s been a while since I’ve posted something with my techie hat on, so I decided to share a couple of diagrams I’ve created to explain how SAML works, for those who may not know what SAML is and are wondering. 🙂 Hope you find it useful.
What is SAML (Security Assertion Markup Language)?
- It’s an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
- Wikipedia: SAML
Let’s break it down a bit!
- XML (Extensible Markup Language) standard
- Extensible
- In information technology, we say something is “extensible” if it is designed so that users or developers can expand its capabilities.
- Unlike HTML, XML doesn’t use pre-defined tags: you define your own tags and use them.
- Markup
- Terminology evolved from the “marking up” of paper manuscripts, i.e., the revision instructions by editors, traditionally written with a blue pencil on authors’ manuscripts.
- In the digital world, these blue-pencil instructions were replaced by “tags”.
- E.g., HTML tags: each tag defines an element within the page. In XML, you define the tags yourself and then use them.
- Language
- It’s like HTML, but not the same.
- HTML was designed to display data, with the focus on how the data looks.
- XML was designed to store and carry data, with the focus on what the data is.
- Authentication
- Verifying that somebody really is who they claim to be, using their credentials.
- i.e., Who are you? Please provide your username and password, so I can verify who you are.
- Authorization
- Checking permissions (what you are allowed to do)
- For example, in WordPress sites, what you are allowed to do is determined by the user role that is associated with your account.
- Identity Provider
- In my diagram, it is EmpowerID platform.
- EmpowerID is an identity management system.
- Identity management refers to the task of controlling information about users, including their usernames and passwords.
- Service Provider
- In my diagram, it is a WordPress site.
- WordPress is an online content management system.
- Content management refers to the task of managing the content of a website.
So, what am I trying to do here?
- I want users to be able to log into my WordPress site to manage content by proving who they are to EmpowerID. In other words, when users try to log into my WordPress site, I am asking the WordPress site to direct users to EmpowerID to verify that they really are who they claim to be.
- Using more technical terms: “I am going to configure SAML to allow an online service provider (WordPress) to contact a separate online identity provider (EmpowerID) to authenticate users.”
Hope this is somewhat useful for those who may be looking for some information on SAML/Single-Sign-On/WordPress/EmpowerID.
Please leave me a message if you have any questions!