While researching for this assignment, I came across a lot of good points about each access control measure, along with some bad points. Each measure was implemented with the best intentions for the user. The fact that each simplifies logon procedures is a big factor. Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between security domains. Open Authorization (OAuth) allows you to use a common username and password to access different sites. These sites are linked together in one form or another to share information. Granted, not all information on the sites is shared, but some things such as your address book, what you read or watch, or even sometimes your hobbies show up.
Security Assertion Markup Language assumes that the user is enrolled with an identity provider. This identity provider is expected to provide local authentication services to the principal. However, SAML does not specify the implementation of these local services; indeed, SAML does not care how local authentication services are implemented. With this, a service provider relies on an identity provider to identify a principal. At the principal's request, the identity provider passes a SAML assertion to the service provider. On the basis of this assertion, the service provider makes an access control decision.
SAML ensures the resource in the assertion matches that configured in the filter, checks the client's access permissions for the resource, and ensures the assertion has not expired. The main problem with Security Assertion Markup Language is in trying to solve web-based single sign-on. This is where Open Authorization kind of excelled where SAML did not. OAuth uses single sign-on to help a user connect to different sites through one common username and password. For instance, with everything seeming to revolve around Facebook nowadays, websites such as Pinterest and Yahoo will use your Facebook...
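The three checks named above (resource match, access permission, expiry), as an added example that is not part of the original essay: a service-provider-side check over a constructed SAML 2.0 assertion carrying an authorization decision statement. The URLs, the principal and the function name `check_assertion` are assumptions for illustration, and the assertion's signature is assumed to have been verified before this code runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (signature element omitted for brevity).
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
  <saml:AuthzDecisionStatement Resource="https://sp.example.test/reports"
                               Decision="Permit">
    <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml:Action>
  </saml:AuthzDecisionStatement>
</saml:Assertion>"""


def _utc(value):
    """Parse the UTC 'Z' timestamp form used in the sample."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_assertion(xml_text, resource, action, now):
    """Return (allowed, reason); assumes the signature was verified upstream."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    # Fail closed: an assertion without an expiry is rejected.
    if cond is None or cond.get("NotOnOrAfter") is None:
        return False, "no validity window"
    not_before = cond.get("NotBefore")
    if not_before and now < _utc(not_before):
        return False, "not yet valid"
    if now >= _utc(cond.get("NotOnOrAfter")):
        return False, "expired"
    # The resource must match exactly what this service is configured for.
    stmts = [s for s in root.findall("saml:AuthzDecisionStatement", NS)
             if s.get("Resource") == resource]
    if not stmts:
        return False, "resource mismatch"
    for stmt in stmts:
        granted = {(a.text or "").strip() for a in stmt.findall("saml:Action", NS)}
        if stmt.get("Decision") == "Permit" and action in granted:
            return True, "permit"
    return False, "action not permitted"
```

The expiry comparison uses `>=` because `NotOnOrAfter` marks the first instant at which the assertion is no longer valid.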