Glossary

AML is an open standard used for communicating user authentication between identity providers and web services, enabling Single Sign-On (SSO). While ‘open standard’ doesn’t have an entirely agreed-upon definition, it generally refers to freely available specifications that anyone can use for their products or services. Due to the ubiquity of open standards, they help ensure interoperability. Some common examples - Ethernet, USB, Wi-Fi, HTML, and HTTP.

SAML is a markup language based on XML, which uses its specific syntax for storing, sharing, and exchanging data between computers. It uses tags to define the structure and meaning of data and is software and hardware-independent.

SAML is used primarily to enable Single Sign-On (SSO) services. SSO services use an Identity provider (IdP) to verify a user’s identity and communicate between online service providers. SAML uses the XML syntax to structure the data that is exchanged between identity providers (IdP) and service providers - communicating authentication and authorization of users to the service provider.

Single Sign-On has plenty of efficiency, ease-of-use, and security benefits that existed before the introduction of SAML. Before SAML, SSO relied upon cookies, which could only be shared within the same web domain, as that was where cookies were stored. Now, with an open standard of authentication and the use of identity providers, SSO can be achieved across multiple domains without creating or storing cookies.

The SAML authentication approach means users do not need to remember multiple usernames and passwords, both a benefit to user experience and to platform security and efficiency. Users must only log in to the identity provider once, and then their credentials are sent across domains to the appropriate web services via SAML assertions. Web authentication is centralized by the IdP, so service providers avoid the need to store passwords or address forgotten password issues, removing a potential security risk.