Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Are SAML and WS-Security competitive specifications for Web services security?

Are SAML and WS-Security competitive specifications for Web services security?

No, they both serve somewhat different purposes. SAML, the Security Assertion Markup Language specification, is used to make authentication, attribute and/or authorization assertions about the subject of the SAML assertion. WS-Security is a higher-level specification that is used, among other things, to carry different token types, which, in turn, support claims about the subject. In fact, SAML has been accepted as one of the tokens that can be used in WS-Security. In one sense, WS-Security may be thought of as a container that carries security information in its token, one of which may be SAML. Note that WS-Security does more that this. The specification also describes how to use digital signatures and encryption with SOAP messages for stronger protection of the message.

This was last published in May 2003

Dig Deeper on Securing services

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.