Are SAML and WS-Security competitive specifications for Web services security?
No, they both serve somewhat different purposes. SAML, the Security Assertion Markup Language specification, is used to make authentication, attribute and/or authorization assertions about the subject of the SAML assertion. WS-Security is a higher-level specification that is used, among other things, to carry different token types, which, in turn, support claims about the subject. In fact, SAML has been accepted as one of the tokens that can be used in WS-Security. In one sense, WS-Security may be thought of as a container that carries security information in its token, one of which may be SAML. Note that WS-Security does more that this. The specification also describes how to use digital signatures and encryption with SOAP messages for stronger protection of the message.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.