Which statement accurately describes SAML?

• A. SAML is an XML-based token standard used for exchanging authentication and authorization data between parties in a federated system.
• B. SAML is a JSON-based API specification for data queries.
• C. SAML is a network protocol for transferring files.
• D. SAML is a password storage standard.

Answer: (A)

SAML is an XML-based framework for exchanging authentication and authorization data between parties in a federated environment, typically between an identity provider and a service provider. This enables single sign-on across different domains: you prove who you are to the identity provider, and that identity (along with attributes you’ve been granted) is conveyed to the service provider via a SAML assertion. The data format used is XML, not JSON, and SAML defines how those assertions are created, signed, and transmitted, rather than serving as a general API or file-transfer protocol. It’s not about storing passwords; instead, it’s about securely conveying trust and access rights from a trusted identity source to the service you want to use.