AuthXML is a transport-independent XML definition that allows security authorities in separate organizations to communicate about authentication, authorization, user profiles and authenticated user sessions in an open way. 1.1 Rationale The expanded use of secured networked applications, within enterprises and between them, has led to increased complexity for users and administrators.
Users are often required to make multiple logons to different applications in different security domains. Some solutions for reducing the security complexity for users have been proposed and implemented. Generally they are monolithic, requiring a single, authoritative user database which all other databases and applications must obey. Some solutions use a distributed model, with trust between domains, but these are usually proprietary or ad hoc.
The purpose of the AuthXML standard is to provide an open framework for resource realms, such as applications and Web sites, to trust security domains. It two key technologies to ensure secure, open implementations: . XML, the EXtensible Markup Language, an open standard for language definitions. The wide usage of XML and variety of XML processors allows for a variety of implementations of the AuthXML standard.
Digital Signatures (XML Signature), a standard for securely verifying the origins of messages. The XML Signature specification allows for XML documents to be signed in a standard way, with a variety of different digital signature algorithms. Digital signatures can be used for validation of messages and for non-repudiation. AuthXML is a flexible framework, requiring a minimum of functionality from implementations to meet the standard.