An open standard for providing SSO (Single Sign-On). Service providers defer authentication to an identity provider using cryptographically signed messages passed back and forth by the user’s browser between the two entities.