
saml-dev message



Subject: RE: [saml-dev] SAML2.0 implementations


 

> So, in the first level we have the vocabulary, the pure XML schema. We can find here SAML 1.1, SAML 2.0, Liberty, Shibboleth(?)... so schemes that are built above existing ones (I guess SAML is the common base of all of them). This level defines the vocabulary and the semantic meaning.

SAML 1.1 is a common base for Liberty ID-FF and Shibboleth.
 
SAML 2.0 is a convergence of the 3 with substantial schema changes across the board and new profiles created from some of the work done in Liberty & Shibboleth.

> In the second level we have the profiles (?), so, what can be done using those schemes and how it is done; for example, which are the steps that must be performed to do an SSO, or actions that are possible (defined) in one "tool" and not in another. So, Shibboleth defines one way for doing the things and Liberty another and SAML 2.0 another. So, in that level it would be possible to classify the actions that are possible (SSO, federation,...).

SAML 2.0 has a complete list of the profiles that covers the profiles available in Liberty and Shibboleth, all of which overlap the more limited profiles available in SAML 1.1.
 
I would recommend that any new work today be done using SAML 2.0 as it's the result of much experience rolling out SAML 1.1 based systems (including Liberty and Shibboleth) in real world environments.
 
Toolkits for SAML 1.1, Liberty ID-FF and Shibboleth are still valuable for roll-outs that need compatibility in one of those environments (e.g. adding a new SP to a Liberty ID-FF Circle of Trust).
 
Conor

