Implementing Single Sign-On with SAML

zhaozj, 2021-02-12

Because different portal sites, user communities and commercial services use different login mechanisms, users are forced to maintain multiple identities, which fragments both business relationships and the user experience. The key to removing this barrier is to establish a federated identity.

Establishing a federated identity requires a standardized, multi-vendor technology that works across web architectures, such as the architecture of the Liberty Alliance Project. Single sign-on (SSO) requires one web service to communicate user authentication information to another web service. Security Assertion Markup Language (SAML) provides a technical framework for implementing single sign-on.

With SAML, a user logs in to one website. If the user is authorized, the user's authentication information is forwarded to the sites of partner companies, so the user can easily obtain a variety of services. Take a booking service as an example: after successfully logging in to an airline portal site, the user can rent a car and book a room without going through the login process of the other companies' sites.

SAML makes it possible to exchange information about users, devices and any other identifiable entity (the so-called "subjects" in the SAML standard). SAML is an application of XML that defines request and response messages: a request for an "assertion" about a subject is either answered or rejected.

SAML defines three kinds of assertion: authentication, authorization and attribute. An authentication assertion states that a subject was previously authenticated by some means (such as a password, hardware token or X.509 public key); an authorization assertion states whether a subject should be granted or denied access; an attribute assertion states that the subject is associated with certain attributes.

SAML does not specify how much trust to place in an assertion. That is decided by the local system, so an inaccurate assertion can cause losses. Avoiding this requires web-based enterprises to establish trust relationships and reach operational agreements. Under such a relationship or agreement, each company agrees to perform verification before accepting an assertion.

SAML can be bound to a variety of communication and transport protocols. For example, it can be bound to the Simple Object Access Protocol (SOAP) over HTTP. SAML does not need cookies; it runs in one of two profiles: browser/artifact and browser/POST. With browser/artifact, a SAML artifact is transmitted as part of a URL query string. The SAML artifact is a pointer to an assertion. With browser/POST, the SAML assertion is delivered to the browser in an HTML form and is transmitted to the destination site as part of the payload of an HTTP POST.
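
The destination site's side of the browser/artifact profile, combined with the verify-before-accepting rule from the preceding paragraph, as an added Python example (not code from the original article). It assumes the SAML 1.1 type 0x0001 artifact layout (2-byte type code, 20-byte SourceID, 20-byte AssertionHandle, base64-encoded in the `SAMLart` parameter) and SourceIDs computed as the SHA-1 of a partner URL; the `.example` hosts, partner table and function names are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed partner table (the "trust relationship"): SourceID -> resolver URL.
# Assumption: SourceID is the SHA-1 of the partner's identifier URL.
TRUSTED_SOURCES = {
    hashlib.sha1(b"https://airline.example/saml").digest():
        "https://airline.example/saml/resolve",
}
USED_HANDLES = set()  # artifacts are single-use; production needs shared, expiring storage


def parse_artifact(url):
    """Validate the SAMLart pointer in a browser/artifact URL.

    Returns (resolver_url, handle_hex) for a trusted, unused artifact and
    raises ValueError for anything else. No assertion is accepted here: the
    caller still has to fetch it from resolver_url and check it.
    """
    values = parse_qs(urlparse(url).query).get("SAMLart", [])
    if len(values) != 1:
        raise ValueError("expected exactly one SAMLart parameter")
    raw = base64.b64decode(values[0], validate=True)  # binascii.Error is a ValueError
    if len(raw) != 42 or raw[:2] != b"\x00\x01":
        raise ValueError("not a type 0x0001 artifact")
    source_id, handle = raw[2:22], raw[22:]
    resolver = TRUSTED_SOURCES.get(source_id)
    if resolver is None:
        raise ValueError("unknown source site")
    if handle in USED_HANDLES:
        raise ValueError("artifact already used")
    USED_HANDLES.add(handle)
    return resolver, handle.hex()


def build_sample_url(source_url, handle):
    """Construct a sample redirect URL as a source site would issue it."""
    raw = b"\x00\x01" + hashlib.sha1(source_url).digest() + handle
    query = urlencode({"TARGET": "https://hotel.example/booking",
                       "SAMLart": base64.b64encode(raw).decode()})
    return "https://hotel.example/acs?" + query


if __name__ == "__main__":
    url = build_sample_url(b"https://airline.example/saml", bytes(range(20)))
    print(parse_artifact(url))   # first use is accepted
```

The artifact carries no identity data of its own, so everything the destination site learns about the user still depends on the assertion it retrieves from the resolver and on the checks applied to that assertion.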

The impact of SAML will be multifaceted. It makes it a reality to access multiple portals with one password, so that accessing web services is no longer time-consuming and inconvenient. At the same time, with SAML, companies will be able to establish new kinds of business partnerships and create diverse, easy-to-control and convenient web services.

When reposting, please cite the original address: https://www.9cbs.com/read-7330.html
