When a user of a computerized device accesses a service from a service provider, the computerized device may first need to obtain a token from a token provider, and then deliver the token to the service provider. After the service provider properly receives and validates the token from the computerized device, the service provider allows the computerized device to access the service on behalf of the user.
Security Assertion Markup Language (SAML) defines a standard which enables computerized devices to acquire SAML tokens (or assertions) from identity providers, and then obtain access to services from service providers using the SAML tokens. Often the identity providers and the service providers are separate organizations/entities.