<div>
<div class="content wysiwyg-content">
I have been reading about SAML. &nbsp;I have one question<br />
<br />
From what I understand, the identity provider is contacted by the web service to verify the username and pw. &nbsp;Does this mean that the user sends the username and pw to the web service. &nbsp;Does this actually go through the wire? &nbsp;Would this data be encrypted ?<br />
<br />
Thanks
</div>
</div>


I have been reading about SAML.  I have one question

From what I understand, the identity provider is contacted by the web service to verify the username and pw.  Does this mean that the user sends the username and pw to the web service.  Does this actually go through the wire?  Would this data be encrypted ?

Thanks

SAML and encryption

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

A Web service is a method of communication between two electronic devices over a network. It is a software function provided at a network address over the Web with the service always on as in the concept of utility computing. A web service has an interface described in Web Services Description Language (WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP (Simple Object Access Protocol) messages. There are two major classes of Web services: REST-compliant web services, and Arbitrary web services.

Web Services

Java is a platform-independent, object-oriented programming language and run-time environment, designed to have as few implementation dependencies as possible such that developers can write one set of code across all platforms using libraries. Most devices will not run Java natively, and require a run-time component to be installed in order to execute a Java program.