1. What is SAML?
SAML (Security Assertion Markup Language) is an XML framework: a set of protocols used to transmit security assertions. For example, when two remote machines need to communicate securely, we can use measures such as encryption, or we can use SAML. The data is transmitted as XML that conforms to the SAML specification, so we need not require the two machines to run any particular system; each side only has to understand the SAML specification, which is clearly better than traditional approaches. The SAML specification is a set of Schema definitions.
It can be said that in the Web Service area the Schema is the standard, while in the Java field the API is the specification. (This is my own summary.)
2. What is SAML's role?
SAML mainly includes three aspects:
1. Authentication statement. Indicates whether the user has been authenticated; usually used in single sign-on.
2. Attribute statement. Indicates the attributes of a Subject.
3. Authorization statement. Indicates the permissions on a resource.
3. What is the SAML framework?
In SAML, the client sends a SAML request to the server, and the server returns a SAML response. The transmitted data is XML that conforms to the SAML specification.
SAML can be carried over SOAP, or over other protocols.
This is because the SAML specification consists of several parts: SAML Assertion, SAML Protocol, SAML Binding, etc.
4. Is SAML secure, given that the XML is transmitted in clear text?
Of course. SAML was proposed precisely to solve security problems. SAML is based on the XML Signature specification, so although the whole XML message is transmitted in plaintext, it is protected against tampering. XML Encryption can also be used for the transmission.