A Technical Comparison of OpenID and SAML
February 8th, 2008 by Dan York
Although I haven’t discussed it much here on this site, one of my passionate interests is in the whole space of “online identity” and what we need to do to have a better sense of “identity” online. There are a number of levels to my interest, but one very basic one is the ability to have a single “identity” that you can use while logging into different websites. Or perhaps not a single identity, but at least a small number of “identities”, such as one online identity to log in to “work” sites and another to log in to “personal” sites. OpenID has emerged as a leading contender in this space and, as I noted on our Behind the Blog blog, I have now enabled this site as an OpenID provider so that those of us who write here can use this site as an OpenID URL to log in to sites. (And yes, I’m working on making the site a user of OpenID as well.)
In any event, while I will write more about OpenID in the future, over on his blog, Hannes Tschofenig writes about a new document “Technical Comparison: OpenID and SAML” that compares OpenID with the Security Assertion Markup Language (SAML). Here is the abstract:
“This document presents a technical comparison of the OpenID Authentication protocol and the Security Assertion Markup Language (SAML) Web Browser SSO Profile and the SAML framework itself. Topics addressed include design centers, terminology, specification set contents and scope, user identifier treatment, web single sign-on profiles, trust, security, identity provider discovery mechanisms, key agreement approaches, as well as message formats and protocol bindings. An executive summary targeting various audiences, and presented from the perspectives of end-users, implementors, and deployers, is provided. We do not attempt to assign relative value between OpenID and SAML, e.g., which is ‘better’; rather, it attempts to present an objective technical comparison.”
It’s great to see this kind of technical research now coming out in the field. The more we have of this kind of work the closer we will be to having solid and secure forms of online identity. If you are interested in reading the paper, it can be found here.