The Organization for the Advancement of Structured Information Standards (OASIS) Security Assertion Markup Language (SAML) is an eXtensible Markup Language (XML)-based framework for exchanging authentication and authorization information electronically among business partners, particularly through Web services. The developers describe an authentication/authorization (AA) Web service that 'unifies the functions of identity management as a first step toward the goal of a federated, enterprisewide, single sign-on solution that improves our identity management problem.' Lightweight Directory Access Protocol (LDAP) serves as the centralized authority and is augmented with a rules engine from Jericho Systems called EnterSpace. EnterSpace provides a SAML service and a rules engine, which are imported together as one component of the security package. SAML supports secure interchange of authentication and authorization information by building on the core Web services standards: XML, Simple Object Access Protocol (SOAP), and Transport Layer Security (TLS). Vendors that adhere to SAML and implement it in their products include RSA, Netegrity, IBM, Oracle, BEA, Oblix, and Jericho. SAML does not itself perform authentication; it transports authentication information. Using a timed session can reduce exposure to three security attacks known to affect SAML: replay attacks, DNS spoofing, and HTTP referrer attacks. AA is a complex Web service that adheres to service-oriented architecture (SOA) principles and uses the local domain LDAP for authentication, followed by SAML-based security assertions.
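Because SAML only transports an authentication statement, the relying party has to enforce the assertion's time window itself, which is where a bounded validity period limits replay. The following relying-party check is an added example, not code from the paper or from EnterSpace; the assertion, its hosts, IDs and the 30-second clock-skew allowance are constructed values, and XML signature verification is assumed to have already passed.

```python
"""Validity-window and replay checks on a SAML 2.0 assertion (added example).

The relying party must enforce Conditions/@NotBefore and @NotOnOrAfter, restrict
the audience, and refuse an assertion ID it has already consumed (replay).
Assumption: the XML signature was verified before this step.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; IDs, hosts and times are made up for this example.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion-1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://aa.example.test</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_saml_time(value):
    """SAML timestamps are UTC; this accepts the whole-second 'Z' form."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

class AssertionValidator:
    """Remembers accepted assertion IDs so a captured assertion is rejected on re-use."""
    def __init__(self, audience, skew=timedelta(seconds=30)):
        self.audience = audience   # this relying party's entity ID
        self.skew = skew           # tolerated clock drift between IdP and SP
        self.seen_ids = set()      # in production: a shared store with expiry

    def validate(self, xml_text, now):
        """Return 'accept' or a 'reject: ...' reason for the assertion at time `now`."""
        root = ET.fromstring(xml_text)
        cond = root.find("saml:Conditions", NS)
        if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
            return "reject: no bounded validity window"   # strict policy: both bounds required
        if now + self.skew < parse_saml_time(cond.get("NotBefore")):
            return "reject: not yet valid"
        if now - self.skew >= parse_saml_time(cond.get("NotOnOrAfter")):
            return "reject: expired"
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if self.audience not in audiences:
            return "reject: audience mismatch"
        if root.get("ID") in self.seen_ids:
            return "reject: replayed assertion ID"
        self.seen_ids.add(root.get("ID"))
        return "accept"
```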