OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Why Liberty if SAML provides the authentication framework ?

Hi Prasad,

I doubt if there could be have been a better answer to my question as you 
have given. Thanks a lot for this.
Also thanks to Conor for listing the differences, they were helpful.

So do you guys see somewhere Liberty and SAML 2.0 merge. I mean in 
Identity/Federation space there is lot of confusion already with 
Liberty,WS-Federation,Shibboleth etc.

Regards & Thanks

----- Original Message ----- 
From: "Prasad Shenoy" <prasad.shenoy@gmail.com>
To: "Kapil Sachdeva" <ksachdeva@sbcglobal.net>
Sent: Tuesday, September 07, 2004 7:44 AM
Subject: Re: [saml-dev] Why Liberty if SAML provides the authentication 
framework ?

> Hi Kapil,
> Good Question !! Somehow we all have been ignoring this question for a
> long time might be because some of us think its trivial or because it
> too obvious. Now with the release of SAML 2.0 this question might
> float atop again.
> However, I will try to chalk out the differences between SAML and
> Liberty based on my understanding.
> Liberty tends to use SAML 1.1 protocols/profiles for Single Sing-On
> but in addition to that Liberty has its own set of protocols which
> extends SAML1.1 functionalitites.
> Protocols like RequestNameIdentifier, NameIdentifierMapping,
> LogoutRequest ( for Single Logout) etc fall in the Liberty namespace.
> Also, Liberty enhances session management upto some extent that is
> totally missing in SAML 1.1
> Liberty provides web redirection as a key architectural component for
> tranferring sessions between the actors of Liberty framework namely
> IDP and SP. IDP and SP is another term from Liberty namespace that
> SAML 2.0 has inherited. The concept of "Circle of Trust" consisting of
> one or more IDP and SP and the transfer of credentials between them,
> seamlessly without user interaction, is a Liberty brain child.
> Furthermore, Liberty ID-WSF take a totally different path from any of
> the SAML concepts. ID-WSF deals with Attribute Exchange in the context
> of user permissioning, another Liberty concept. ID-SIS, yet another
> Liberty concept for defining Employee and Personal profiles etc.
> Liberty uses SAML Brws/Artifact and Brws/Post profiles for Web SSO.
> However, you could see a very thin line of differentiation between the
> upcoming SAML v2.0 and Liberty ID-FF.
> This is the least that can be said I guess.......
> Hope it helps.
> --P.
> ----- Original Message -----
> From: Kapil Sachdeva <ksachdeva@sbcglobal.net>
> Date: Mon, 6 Sep 2004 11:37:45 -0700 (PDT)
> Subject: [saml-dev] Why Liberty if SAML provides the authentication 
> framework ?
> To: saml-dev@lists.oasis-open.org
> Hello guys,
> I went through the technical overview of SAML 1.1 standard. Grasped
> most of the cocepts behind SAML such as its an XML framework for
> exchanging authentication, authorization & attribute information
> between 2 (or more) portal/services. SAML also provide protocol
> bindings. SAML also explains the use cases and show the way
> authentication/authroization/attribute information can be exchanged
> using Browser/artifact and Browser/post examples.
> So far I liked it but could not understand what Liberty alliance tries
> to solve here or in other words what are the limitations of SAML which
> resulted in another standard such as Liberty.
> Please grant me some knowledge on this topic. I am going to ask the
> same question to Liberty guys.
> Regards & thanks
> Kapil
> http://www.dotnetcard.com/blogs/ksachdeva
> -- 
> ____________________________________
> "Keep it simple, stupid" 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]