Skip to content Skip to site navigation Skip to service navigation

Glossary of SAML Related Terms

AA - Attribute Authority
A service that provides attributes about entities Usually part of the IdP, but standalone is possible
LDAP is Stanford’s most common Attribute Authority
A named set of data about an entity (person or user)
Names are often based on directory attributes
Values are controlled by organizations
Federations may define common attributes
InCommon uses the eduPerson schema for interop
Usually used by organizational identity providers
Values provided by the organization; mostly verified
Example: Stanford asserts that
my preferred name is Jane Stanford
my email address is
Usually used by social identity providers Values often provided by the person; mostly unverified
Example: I claim that
my name is Jane Stanford
my email address is
Stanford’s local federation
A few IdPs (Stanford, SHC, SCH)
Local SPs
“non-federated” SPs
A collection of organizations which:
May share policies and practices
Usually share metadata about IdPs and SPs
Federations often sign this metadata
Federation solves the problem of metadata discovery
IdP - Identity Provider
A Service that provides identity information
Usually about people Not always the authentication service Historically also known as the “origin”
WebLogin is Stanford”s most common Identity Provider
The US Higher Education Federation
Metadata merged with eduGAIN (European federation)
IdPs need to opt out
Sis need to opt in
Over 1,800 IdPs
Over 400 US IdPs (out of ~1,400 .edu institutions)
Over 5,000 SPs
Over 2,600 US SPs
including non-edu providers, such as Box
RP - Relying Party
Another name for Service Provider
RPs “rely” on IdPs
SP - Service Provider
Usually a web application Uses an IdP to authenticate people
Uses an AA to get information about people
Last modified August 12, 2016