What are the differences with the already existing, normalized standard SAML 2 (http://en.wikipedia.org/wiki/SAML_2.0)?
SAML 2 is an authentication standard that enables federation of user accounts between websites (service providers, SP). When an account is federated, the user may choose to share some of its resources with the SP. It really looks like the goal of OAuth.
I'm not as technical as other folks, but I think, just looking at that Wikipedia page, it has to do with simplicity and with extracting best practices from existing delegated authentication/authorization protocols like BBAuth, FlickrAuth, AuthSub and others.
Perhaps a better question to ask is why the organizations behind those protocols didn't just adopt SAML 2 and instead developed their own nearly-identical protocols?
In any case, I'm sure there are more differences, so I'll ask around and get some other replies. Thanks!
SAML is about identity assertions, identity attributes and identifier federation. The SAML assertions are often used in web services calls as the mechanism to securely identify the identity in the transaction. OAuth is less about identity federation and more about a simple HTTP based identity web service invocation framework. If you were to equate OAuth to something in the SAML "sphere" it would be the Liberty ID-WSF 2.0 specification.
The value of the simple HTTP based framework is that it is much easier to integrate into AJAX and "widget" based applications. Trying to parse and manage SAML and SOAP based XML in JavaScript, while not impossible, is not the normal developer programming model.
Finally, I believe that it is possible to combine both SAML and OAuth such that a relying party that supports OAuth for identity web services, and SAML for authentication and federation, could use SAML assertions and artifacts as the token and keys used in the OAuth protocol. [Note, I have not mapped this out in detail]