Monday, May 07, 2007
The Battle between SAML and WS-Federation
Here is an Interesting Networkworld article where folks believe that from a specification perspective, duplication is evil (I agree). What they aren't talking about is usage scenarios in terms of products.
For example, if Progressive wanted to federate with Citigroup, they would probably do so using SAML and a lot of the discussions in terms of the Liberty Alliance have targeted this demographic. One should ask themselves how federation would change if Progressive wanted to federate with all of their other business partners, most of which don't have dedicated IT staff nor the budget to buy separate standalone products and instead prefer to see federation support built into products they already use such as the operating system. This is where WS-Federation in terms of implementation will win hands down over SAML.
The one thing I see that SAML 2.0 supports that no one is talking about in the WS-Federation camp is in support of XACML. The WS-Federation camp is overhyping identity while avoiding any discussions as to the problem space enterprises face related to disparate authorization models. To be fair, the SAML community has defined the specification but none of the vendors who support SAML actually bridge SAML to XACML.
Links to this post: