XML tokens are offered in two formats, Security Assertion Markup Language (SAML) and Extensible rights Markup Language (XrML).
XML-based security tokens are growing in popularity. Two well-known formats are:
- Security Assertion Markup Language (SAML)
- Extensible rights Markup Language (XrML)
Using textensibility of the <wsse:Security> header in XML-based security tokens, you can directly insert these security tokens into the header.
SAML assertions are attached to Web services security messages using Web Services by placing assertion elements inside the <wsse:Security> header. The following example illustrates a Web services security message with a SAML assertion token.<S:Envelope xmlns:S="...">& <wsse:Security xmlns:wsse="..."> <saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="SecurityToken-ef375268" Issuer="elliotw1" IssueInstant="2002-07-23T11:32:05.6228146-07:00" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> ... </saml:Assertion> </wsse:Security> </S:Header> <S:Body> ... </S:Body> </S:Envelope>
For more information on SAML and XrML, see Resources for learning.
See AlsoToken type overview
Username token element
Binary security token
Web services: Resources for learning