The Organization for the Advancement of Structured Information Standards (OASIS) has ratified Security Assertion Markup Language (SAML) 2.0, a specification that is now emerging in products. SAML 2.0 substantially changes the identity federation arena by removing the biggest roadblock to increased federation adoption, which has been multiprotocol complexity. OASIS, Liberty Alliance, and Shibboleth had previously attacked federation from three different perspectives, but SAML 2.0 now includes every critical-use case and feature from all preceding protocols in one standard. SAML 2.0 is a superset of all the functionality in five precedents and makes them obsolete. SAML 2.0 describes two roles for enabling federation: service provider, which makes the application or resource available to the user, and identity provider, which has the responsibility for user authorization. The two roles exchange messages to allow single-sign-on (SSO) and single-logout. For SSO, the identity provider must create a SAML assertion for the user and securely sends it to the service provider, which must validate the SAML assertion before providing the user with access to the application. Exchange of messages can take place through disparate SAML bindings, including use of a Hypertext Transport Protocol (HTTP) form Post through the browser or a Simple Object Access Protocol (SOAP) back-channel interaction.