Back Issues This Week → Current Issue → Popular →

Ever wonder how your login info zips securely across the internet without getting snatched? Well, SAML's got a big part to play. But it's not foolproof.

• SAML, or Security Assertion Markup Language, is a standard for single sign-on (sso). It lets you use one set of login credentials across multiple apps, which is super convenient.
• SAML messages often carry sensitive info; like, really sensitive. Think usernames, email addresses, group memberships-the kinda stuff you don't want just anyone peeking at. (Is there any confidential information held in a SAMLRequest?)
• Without proper security, those messages are vulnerable. A malicious actor could intercept and alter them or even impersonate you. (Malicious actors are impersonating senior U.S. officials via text and .) Not good.

This is where request signing and response encryption come in. They're like the dynamic duo of SAML security.