Other members of the circle of trust could then examine these policies to determine whether to trust such information.

While Liberty was developing ID-FF, the SSTC began work on a minor upgrade to the SAML standard.

Token mature cam-26

Like its SAML predecessor, Liberty ID-FF proposed a standardized, cross-domain, web-based, single sign-on framework.

In addition, Liberty described a circle of trust where each participating domain is trusted to accurately document the processes used to identify a user, the type of authentication system used, and any policies associated with the resulting authentication credentials.

The resulting SAML V1.1 specification was ratified by the SSTC in September 2003.

Then, in November of that same year, Liberty contributed ID-FF 1.2 to OASIS, thereby sowing the seeds for the next major version of SAML.

SAML defines XML-based assertions and protocols, bindings, and profiles.

The term SAML Core refers to the general syntax and semantics of SAML assertions as well as the protocol used to request and transmit those assertions from one system entity to another.

A directory service such as RADIUS, or Active Directory that allows users to log in with a user name and password is a typical source of authentication tokens at an identity provider.

The OASIS Security Services Technical Committee (SSTC), which met for the first time in January 2001, was chartered "to define an XML framework for exchanging authentication and authorization information." Meanwhile, the Liberty Alliance, a large consortium of companies, non-profit and government organizations, proposed an extension to the SAML standard called the Liberty Identity Federation Framework (ID-FF).

In March 2005, SAML V2.0 was announced as an OASIS Standard.