Re: [saml-dev] SAML2.0 implementations

["Tom Scavo" <trscavo@gmail.com>]

On 12/1/06, Cahill, Conor P <conor.p.cahill@intel.com> wrote:
>
> SAML 1.1 is a common base for Liberty ID-FF and Shibboleth.

Yes, but it's worth pointing out that Shibboleth is "merely" an
implementation of the SAML V1.1 profiles, while ID-FF specifies a
completely new layer on top of SAML.  Thus the two do not
interoperate.  Shibboleth will interoperate with other pure
implementations of SAML, but implementations of ID-FF will only
interoperate with other implementations of ID-FF.

> SAML 2.0 is a convergence of the 3 with substantial schema changes across
> the board and new profiles created from some of the work done in Liberty &
> Shibboleth.

Excellent one-line summary.

> I would recommend that any new work today be done using SAML 2.0 as it's the
> result of much experience rolling out SAML 1.1 based systems (including
> Liberty and Shibbloleth) in real world environments.
>
> Toolkits for SAML 1.1, Liberty ID-FF and Shibboleth are still valuable for
> roll-outs that need compatibility in one of those environments (e.g. adding
> a new SP to a Liberty ID-FF Circle of Trust).

Well, this is slightly off topic, but I'll give a
counter-recommendation anyway :-)

I can't say anything about the commercial implementations, but few (if
any) open-source SAML V2.0 toolkits exist today, let alone
implementations of the SAML V2.0 browser profiles.  If you are in IT,
and you want to roll out a production SAML V2.0 deployment in the next
six months using open source, forget it.  (Somebody please tell me I'm
wrong!)  If you are doing research, take at look at OpenSAML 2.0
(there may be other SAML V2.0 toolkits at various stages of
development, I don't know).

That's why I'm keen on classifying Eve's list...if there are
(open-source) SAML V2.0 toolkits and/or implementations of the SAML
V2.0 browser profiles, that would good to know!

Tom