What standard is used to transfer security assertions between identity providers and service providers?

Prepare for the Network Security Examination by mastering key concepts in cybersecurity. Utilize interactive questions and detailed explanations to enhance your knowledge. Excel in your exam with our comprehensive preparation resources!

Multiple Choice

What standard is used to transfer security assertions between identity providers and service providers?

Explanation:
This is about federated identity and single sign-on, where an identity provider issues a security assertion to a service provider. The standard that defines how those assertions are created, formatted, and exchanged between IdPs and SPs is SAML. SAML is an XML-based framework that specifies the structure of the assertion (who the user is, what authentication occurred, and what attributes or authorizations apply) and how the service provider can verify and trust it, typically through digital signatures and certificates. This enables seamless cross-domain authentication because the SP relies on the IdP’s assertion to grant access without the user re-authenticating at every service.

LDAP is a directory access protocol used to query and manage directory information, not to transport federation assertions between IdP and SP. XML is a data format used within SAML, but XML alone isn’t the standard for transferring these assertions. RDF is a separate data model for semantic information and not used for this federated authentication flow.
