[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Why Liberty if SAML provides the authentication framework ?
Hi Prasad, I doubt if there could be have been a better answer to my question as you have given. Thanks a lot for this. Also thanks to Conor for listing the differences, they were helpful. So do you guys see somewhere Liberty and SAML 2.0 merge. I mean in Identity/Federation space there is lot of confusion already with Liberty,WS-Federation,Shibboleth etc. Regards & Thanks Kapil ----- Original Message ----- From: "Prasad Shenoy" <prasad.shenoy@gmail.com> To: "Kapil Sachdeva" <ksachdeva@sbcglobal.net> Sent: Tuesday, September 07, 2004 7:44 AM Subject: Re: [saml-dev] Why Liberty if SAML provides the authentication framework ? > Hi Kapil, > > Good Question !! Somehow we all have been ignoring this question for a > long time might be because some of us think its trivial or because it > too obvious. Now with the release of SAML 2.0 this question might > float atop again. > > However, I will try to chalk out the differences between SAML and > Liberty based on my understanding. > > Liberty tends to use SAML 1.1 protocols/profiles for Single Sing-On > but in addition to that Liberty has its own set of protocols which > extends SAML1.1 functionalitites. > > Protocols like RequestNameIdentifier, NameIdentifierMapping, > LogoutRequest ( for Single Logout) etc fall in the Liberty namespace. > Also, Liberty enhances session management upto some extent that is > totally missing in SAML 1.1 > > Liberty provides web redirection as a key architectural component for > tranferring sessions between the actors of Liberty framework namely > IDP and SP. IDP and SP is another term from Liberty namespace that > SAML 2.0 has inherited. The concept of "Circle of Trust" consisting of > one or more IDP and SP and the transfer of credentials between them, > seamlessly without user interaction, is a Liberty brain child. > > Furthermore, Liberty ID-WSF take a totally different path from any of > the SAML concepts. ID-WSF deals with Attribute Exchange in the context > of user permissioning, another Liberty concept. ID-SIS, yet another > Liberty concept for defining Employee and Personal profiles etc. > > Liberty uses SAML Brws/Artifact and Brws/Post profiles for Web SSO. > However, you could see a very thin line of differentiation between the > upcoming SAML v2.0 and Liberty ID-FF. > > This is the least that can be said I guess....... > > Hope it helps. > > --P. > > ----- Original Message ----- > From: Kapil Sachdeva <ksachdeva@sbcglobal.net> > Date: Mon, 6 Sep 2004 11:37:45 -0700 (PDT) > Subject: [saml-dev] Why Liberty if SAML provides the authentication > framework ? > To: saml-dev@lists.oasis-open.org > > > > Hello guys, > > I went through the technical overview of SAML 1.1 standard. Grasped > most of the cocepts behind SAML such as its an XML framework for > exchanging authentication, authorization & attribute information > between 2 (or more) portal/services. SAML also provide protocol > bindings. SAML also explains the use cases and show the way > authentication/authroization/attribute information can be exchanged > using Browser/artifact and Browser/post examples. > > So far I liked it but could not understand what Liberty alliance tries > to solve here or in other words what are the limitations of SAML which > resulted in another standard such as Liberty. > > Please grant me some knowledge on this topic. I am going to ask the > same question to Liberty guys. > > Regards & thanks > Kapil > http://www.dotnetcard.com/blogs/ksachdeva > > > > -- > ____________________________________ > > "Keep it simple, stupid"
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]