[OpenID] FW: Technical Comparison: OpenID and SAML - Draft 06

Peter Williams pwilliams at rapattoni.com
Tue Jan 22 01:57:45 UTC 2008


Intending to speak non-threateningly, I know (as a security designer on the dumber end of the know-how spectrum) that I want next to investigate SAML2 and its use of NAPTRs. It's in this area where there appears a conflict of infrastructure vision between openid and SAML2 - one that concerns me.
 
Openid Auth (over https) is fine as a lightweight websso protocol. But, the whole XRD and XRI emphasis conflicts with general IETF direction in DNS, NAPTRs, walled-garden ENUM etc. I know for my part, I don't yet know how to reconcile these two infrastructure visions on resolving names to services, particularly as the websso assurances depend on secure name resolution. I do know I'm personally arming a new SAML2 party each week (in US realty), with increasingly sophisticated use of the fancier SAML2 features (which bodes well for openid2, which has the same feature set as SAML in the 80% of features that most matter).
 
Whilst we at rapattoni have made a commitment to ensure we can join realty's websso infrastructure to the web2.0 world via openid2, beyond that limited goal I'm not sure how to characterize what we will do with openid. I think it all comes down to SPECIFICALLY how the UCI management vision takes off, or not, in such as business applications that are building on all the various successful social networking practices proven over the last few years.

________________________________

From: general-bounces at openid.net on behalf of Drummond Reed
Sent: Mon 1/21/2008 12:10 PM
To: 'openid-general'
Subject: [OpenID] FW: Technical Comparison: OpenID and SAML - Draft 06



FYI - this message was sent to the ID Gang list by Jeff Hodges, one of the
key architects of SAML 1.1 and 2.0.

=Drummond

-----Original Message-----
From: idworkshop at googlegroups.com [mailto:idworkshop at googlegroups.com] On
Behalf Of =JeffH
Sent: Monday, January 21, 2008 10:04 AM
To: Identity Workshop folks
Subject: fyi: Technical Comparison: OpenID and SAML - Draft 06


of possible interest...


Technical Comparison: OpenID and SAML - Draft 06
January 17, 2008

Abstract

This document presents a technical comparison of the OpenID Authentication
protocol and the Security Assertion Markup Language (SAML) Web Browser SSO
Profile and the SAML framework itself. Topics addressed include design
centers, terminology, specification set contents and scope, user identifier
treatment, web single sign-on profiles, trust, security, identity provider
discovery mechanisms, key agreement approaches, as well as message formats
and protocol bindings. An executive summary targeting various audiences, and
presented from the perspectives of end-users, implementors, and deployers, is
provided. We do not attempt to assign relative value between OpenID and SAML,
e.g. which is "better"; rather, it attempts to present an objective technical
comparison.

Revisions of this document:

     This version:
         http://identitymeme.org/doc/draft-hodges-saml-openid-compare-06.html

     Latest version:
         http://identitymeme.org/doc/draft-hodges-saml-openid-compare.html


---
end

