Home > Articles > Web Services

  • Print
  • + Share This
Like this article? We recommend

WS Security and SAML

When Microsoft and IBM released the first specifications on WS Security, there was no mention of SAML in it. This resulted in speculations that WS Security might not include SAML in the future, and caused people to doubt the very credibility and strength of SAML as a standard. In fact, in my article on SAML, I shared some of these doubts.

Things have changed pretty quickly since then, and now both sides are finding themselves—very surprisingly—in the same camp: OASIS!

Technically, there are no issues with inserting SAML assertions within SOAP headers using WS Security standards; in fact, it makes much more sense to do so. Hence, it is widely expected that SAML will soon be included in WS initiatives and recognized as an industry standard for providing authentication and authorization assertions in a distributed Web services environment.

  • + Share This
  • 🔖 Save To Your Account