Ask the Expert

Are SAML and WS-Security competitive specifications for Web services security?

Are SAML and WS-Security competitive specifications for Web services security?

    Requires Free Membership to View

No, they both serve somewhat different purposes. SAML, the Security Assertion Markup Language specification, is used to make authentication, attribute and/or authorization assertions about the subject of the SAML assertion. WS-Security is a higher-level specification that is used, among other things, to carry different token types, which, in turn, support claims about the subject. In fact, SAML has been accepted as one of the tokens that can be used in WS-Security. In one sense, WS-Security may be thought of as a container that carries security information in its token, one of which may be SAML. Note that WS-Security does more that this. The specification also describes how to use digital signatures and encryption with SOAP messages for stronger protection of the message.

This was first published in May 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: