Not a day goes by that we don't have a conversation with a customer about some service they want to connect to that exists in the "cloud". There are numerous ways to handle the authentication for those services and there is increasing interest in the use of SAML for this purpose.
If you're not familiar with SAML (Security Assertion Markup Language 2.0), it's a "standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end-user) between an identity provider and a web service. SAML 2.0 enables web-based authentication and authorization scenarios including single sign-on (SSO)." 1
One of the big questions when considering the use of SAML is who are you going to trust to be your SAML provider? As we hear of more security "incidents", organizations that we talk to are questioning the wisdom of allowing someone else to host their credential data and are interested in being their own SAML provider. With the upcoming release of ARMS 2.1.0 you will now be able to be your own SAML provider and able to direct applications that can leverage SAML for authentication, such as Salesforce.com, Google Apps, Zendesk, etc, to your system for authentication.
Comments