Security Assertion Markup Language: Difference between revisions

Citation bot (talk | contribs)
Add: date. | Use this bot. Report bugs. | Suggested by Abductive | #UCB_toolbar
Randtke (talk | contribs)
m Design: spell out acronym on first use
Line 58:
* [[XML Encryption]]: Using XML Encryption, SAML 2.0 provides elements for encrypted name identifiers, encrypted attributes, and encrypted assertions (SAML&nbsp;1.1 does not have encryption capabilities). XML Encryption is reported to have severe security concerns.<ref name="J2KVQ">{{cite web|title=How To Break XML Encryption|url=https://www.nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/HowToBreakXMLenc.pdf|publisher=[[Association for Computing Machinery]]|access-date=31 October 2014| date=19 October 2011}}</ref><ref name="0wAHF">{{cite web|title=RUB Researchers break W3C standard|url=http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en|archive-url=https://web.archive.org/web/20111124050008/http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en|archive-date=2011-11-24|publisher=[[Ruhr University Bochum]]|access-date=29 June 2012| date=19 October 2011}}</ref>
* [[Hypertext Transfer Protocol]] (HTTP): SAML relies heavily on HTTP as its communications protocol.
* [[Simple Object Access Protocol (SOAP)]]: SAML specifies the use of SOAP, specifically SOAP 1.1 .<ref name="K6G4v">[http://www.w3.org/TR/2000/NOTE-SOAP-20000508/ SOAP 1.1]</ref>
 
SAML defines XML-based assertions and protocols, bindings, and profiles. The term ''SAML Core'' refers to the general syntax and semantics of SAML assertions as well as the protocol used to request and transmit those assertions from one system entity to another. ''SAML protocol'' refers to '''what''' is transmitted, not '''how''' (the latter is determined by the choice of binding). So SAML Core defines "bare" SAML assertions along with SAML request and response elements.
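Review bot: In the SOAP bullet the acronym sits inside the link brackets, so `[[Simple Object Access Protocol (SOAP)]]` targets a page titled with the parenthetical rather than the page for the protocol itself, and it is inconsistent with the HTTP bullet just above, which keeps the acronym outside the link as `[[Hypertext Transfer Protocol]] (HTTP)`. Suggest `[[Simple Object Access Protocol]] (SOAP)`, or a piped link if the target article is titled SOAP. While touching this line, the stray space before the period in "SOAP 1.1 ." could be dropped as well.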