Security Assertion Markup Language (SAML) is best described as which?

• A. An open-source option for SSO capabilities that utilized SAML.
• B. An attestation model built upon XML for SOAP-based web services.
• C. An open standard decentralized protocol for authentication users.
• D. Allows different websites to rely on a trusted third party to authenticate users.

Answer: (B)

SAML is about federated identity and single sign-on by exchanging authentication data between trusted parties. It defines XML-based assertions that an identity provider uses to tell a service provider that a user has been authenticated. This lets one trusted party—the identity provider—vouch for the user's identity to multiple websites or services, so you can sign in once and access many sites without reauthenticating. While SAML messages are XML and can be bound to different transport mechanisms (including SOAP in some setups), its fundamental purpose is the trusted relationship that enables cross-site authentication, not a general attestation model or a SOAP-specific mechanism.

That’s why describing it as allowing different websites to rely on a trusted third party to authenticate users is the best fit. The other options miss the central idea: it’s not simply an open-source SSO option, and it’s not primarily an attestation model built on XML for SOAP-based services, even though XML-based assertions are part of how it communicates authentication data.