Security Assertion Markup Language (SAML) is an open standard protocol which allows security credentials to be shared by multiple devices participating in the same network. It is a framework that facilitates the exchange of authentication and authorisation data between secure domains.
In SAML, authentication is provided by an identity provider. An identity provider is an entity that determines whether a user is really who they claim to be. It might also regulate what degree of access the user is authorised to have. Identity providers interact with service providers, which receive and accept information through SAML services.
The most common use of SAML is in Single Sign-On (SSO). SAML removes the need for passwords through the use of digital signatures and standard cryptography. A secure token is passed from an identity provider to a service provider. A common problem faced by countless IT security companies is that users have to remember many different sets of login credentials. Organisations that have adopted identity and access management products which make use of SAML protocols can free themselves from the burden of managing and monitoring large numbers of username and password combinations. Users need to log in only once, and can then access the resources they are allowed to use.
However, SAML authentication is reliant on a centralised system. Sharing user data between various service and identity providers opened up the risk of that data being consumed by a malicious party. Many SSO solutions relied on centralised databases that were supported by external vendors and companies. There was the possibility for cyber attackers to slip into the network through the third-party solution provider, giving rise to a breach in security and potential identity theft.
As a result, the evolution of digital identity started looking towards the concept of self-sovereign identity. That is where blockchain security comes into the picture. By approaching identity management with a model of decentralisation, each user in the network can control who has access to their own data. The user holds total control of their own data, as opposed to one central authority managing tons of individual user data.
Blockchain solution vendors can be tapped to empower the existing SAML protocols by creating a decentralised distributed ledger that prevents data from being altered or deleted. First used in cryptocurrencies such as Bitcoin, blockchain technology can now be harnessed to secure applications in numerous industries. The immutable nature of a blockchain network can be used to make SSO the next big thing in security.
Unsolicited circulation of data can be put to a stop with the total transparency afforded by blockchain. It is impossible for anyone to tamper with the data stored on the blockchain, which prevents hackers from forging authentication data to access the network.
Organisations and vendors in Singapore are beginning to consider how blockchain can be incorporated on top of existing SAML-based services and leveraged for its functionality. By fully harnessing blockchain technology, seamless authentication and authorisation can be developed further.