WS Security and SAML
When Microsoft and IBM released the first specifications on WS Security, there was no mention of SAML in it. This resulted in speculations that WS Security might not include SAML in the future, and caused people to doubt the very credibility and strength of SAML as a standard. In fact, in my article on SAML, I shared some of these doubts.
Things have changed pretty quickly since then, and now both sides are finding themselvesvery surprisinglyin the same camp: OASIS!
Technically, there are no issues with inserting SAML assertions within SOAP headers using WS Security standards; in fact, it makes much more sense to do so. Hence, it is widely expected that SAML will soon be included in WS initiatives and recognized as an industry standard for providing authentication and authorization assertions in a distributed Web services environment.