Talk:Security Assertion Markup Language

Overview
kiran It would be good if there was an overview of how it works (i.e. the general idea of passing authentication strings back and forth), rather than leaping in with XML code. —The preceding unsigned comment was added by 12.11.185.229 (talk • contribs).

The text should avoid anthropomorphic language. In the summary it says, "SAML does not care..." But SAML is a specification, and does not have "cares". It would be better to say, "SAML is confined to X, and does not specify Y."

Version 2
Apart from that, I also think this should be updated to reflect the latest incarnation of it, i.e. Version 2.0 of SAML. —The preceding unsigned comment was added by 131.227.176.34 (talk • contribs).

Maybe it would be good to move the detailed SAML 1 stuff to its own page? Or if that's too intrusive, at least change the order to show 2.0 first (most prominently) and 1.1 and 1.0 further down the page? --Raboof 08:31, 31 January 2007 (UTC)

 * If you can contribute more specifics about how 2.0 differs from 1.x, then that would probably be a better first step. There isn't much discussion about that yet, and I would assume that many of the 1.x concepts and discussion are still relevant for 2.0 -- Bovineone 14:26, 1 February 2007 (UTC)

Updated SAML Topic
A refactored SAML topic is in progress!

74.135.163.209 02:11, 4 February 2007 (UTC)
 * Is it really necessary to split it into two pages? They don't seem that different. -- Bovineone 23:15, 14 March 2007 (UTC)

SAML 1.1 and SAML 2.0 are very different, in the details especially. (Moreover, SAML 1.1 and SAML 2.0 are incompatible, on the wire.) So the idea is this:

 * The SAML topic is a basic introduction to SAML. Almost no XML (in response to a previous comment). Presentation is as nontechnical as possible. Includes a generic flow that conveys (hopefully) the basic motivation for SAML. The concepts that have persisted across versions of SAML are captured in the introductory SAML topic.

 * The SAML 1.1 topic includes details about that version of SAML only, including detailed examples and flows. (It is essentially a minor edit of the existing SAML topic, which was written before SAML 2.0.)

 * Likewise, the SAML 2.0 topic also includes many details. SAML 2.0 is significantly different from SAML 1.1.

I don't think it would be wise to include all of this in one topic. First of all, the resulting topic would be about 30 pages long. Second of all, the intermingling of SAML 1.1 code and SAML 2.0 code would just confuse people. It seems better to totally separate the topics. Trscavo 18:02, 17 March 2007 (UTC)

Oh, and the list of references for SAML 1.1 and SAML 2.0 is totally different. Another good reason to separate the two topics. Trscavo 18:12, 17 March 2007 (UTC)

The SAML topic has been updated (in a major way). New SAML 1.1 and SAML 2.0 topics have been created. Trscavo 20:11, 24 March 2007 (UTC)

SAML Categories
In what sense is SAML a Cryptography Standard? Besides XML-based standards, the best category I can find is Security software. Can anybody think of other relevant Wikipedia categories?

74.135.163.209 00:29, 5 February 2007 (UTC)

Removed Cryptography Standard designation. Trscavo 00:27, 25 March 2007 (UTC)

Ambiguity: "request at the identity provider"
Where the text currently says "all flows begin with a request at the identity provider," that "at" is a bit ambiguous.

It's not clear whether the text refers to a request from the identity provider (i.e., on its way to a service provider), or to a request to the identity provider (i.e., the flows begin after (ignore) the slightly preceding action of the request's being sent from the service provider).

214.16.248.2 (talk) 14:27, 7 October 2011 (UTC)

Ambiguity in the term "SAML Protocol"
There seems to be some ambiguity in the term "SAML Protocol", i.e. "SAML protocol refers to what is transmitted, not how..." seems to contradict the following "A SAML protocol describes how certain SAML elements (including assertions) are packaged..." — Preceding unsigned comment added by Sanjeshnz (talk • contribs) 04:52, 9 June 2015 (UTC)

This phrase --> "...Loosely speaking, a RELYING PARTY [caps mine] interprets an assertion as follows:..." introduces the term "relying party" which is not used earlier. There's no way to mentally build the explanation that follows onto the foundation that preceded it.

Non-matching vocabulary for SAML is one of the chief difficulties of understanding and adoption today. Maybe a good opportunity for a list of synonyms and what they mean.

Finally, all in all this is a very difficult topic to nail down with unique precision. Bravo to the authors here who are giving it a go! 12.157.110.195 (talk) 17:15, 26 January 2016 (UTC)dk

Single most important / Primary
I feel like "The single most important use case that SAML addresses" is an opinionated way of saying "The primary use case". While it may be true, I believe the latter would be a better way to say it.

Alancnet (talk) 13:00, 21 January 2019 (UTC)

 * Sounds reasonable. Tom Scavo (talk) 14:57, 21 January 2019 (UTC)

Sounds reasonable Infomybus1 (talk) 21:31, 22 February 2020 (UTC)

Example applications / systems are missing
It would be nice to have a list of applications/systems that actually use SAML. --Mortense (talk) 14:09, 22 January 2019 (UTC)

 * See: SAML-based products and services. Tom Scavo (talk) 14:58, 22 January 2019 (UTC)