Saturday, March 03, 2007
Deep-dive on SAML 2.0 vs WS-Federation
Hubert A. Le Van Gong and Pat Patterson have recently chimed in on a comparison between SAML 2.0 and WS-Federation but of course left out some very important considerations...
I think they are conveniently choosing to ignore usage scenarios and sticking strictly to academic specification comparisons. If they were to noodle usage scenarios though, I think folks' perspectives would change dramatically. Consider if you are an Enterprise Architect for a large enterprise and wanted to establish a federation with another large enterprise. You would probably consider SAML 2.0 as neither enterprise would really be constrained in terms of costs in buying software that supports it. If software in this space costs, say, $100K, then if the business value in doing so exists, both parties could make this happen.
Now ask yourself the same exact question where you are still the same Enterprise Architect for a large enterprise but only you want to establish a federation with hundreds if not thousands of small businesses where their company may only have a total of four or five employees on average. Could a small company afford to pay the same $100K in software in order to make a federation work? Would you as an Enterprise Architect instead prefer to use something that they may already have within their own infrastructure so as to make it affordable?
The funny thing is that if Enterprise Architects stop being enterprisey, they may even realize that the solution that works for the small guys will also work for the large ones. WS-Federation support is built into the Windows operating system which is pervasively deployed. How difficult would it be to find a Fortune 500 enterprise with Windows installed? No effort required as it has 100% penetration. So, if 100% of all enterprises have federation capability already deployed within their infrastructure, wouldn't it make sense to simply use it and not get caught up in academic comparisons of specifications? Shouldn't we focus on business value first?
I wonder if I could get folks such as Bob Blakley and Gerry Gebel of the Burton Group (two highly respected industry analysts) to noodle the creation of a research report on using WS-Federation for large-company-to-small-company federation? I wonder if Conor Cahill would even figure out a way to get folks at the Liberty Alliance to at least noodle the scenario which I propose?