Q

Are SAML and WS-Security competitive specifications for Web services security?

Are SAML and WS-Security competitive specifications for Web services security?

No, they both serve somewhat different purposes. SAML, the Security Assertion Markup Language specification, is used to make authentication, attribute and/or authorization assertions about the subject of the SAML assertion. WS-Security is a higher-level specification that is used, among other things, to carry different token types, which, in turn, support claims about the subject. In fact, SAML has been accepted as one of the tokens that can be used in WS-Security. In one sense, WS-Security may be thought of as a container that carries security information in its token, one of which may be SAML. Note that WS-Security does more that this. The specification also describes how to use digital signatures and encryption with SOAP messages for stronger protection of the message.

This was first published in May 2003

Dig deeper on SOA security tools

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSoftwareQuality

SearchCloudApplications

SearchAWS

TheServerSide

SearchWinDevelopment

Close