Comparison of SAML and Liberty Specifications
SAML was designed to address the issue of cross-domain single sign-on. The Liberty Alliance Project was formed to develop technical specifications that would solve business process problems. These issues include single sign-on, but also incorporate protocols for account linking and consent, among others. SAML, on the other hand, does not solve issues such as privacy, single logout, and federation termination.
The SAML 1.0 and 1.1 specifications and the Liberty Alliance Project specifications do not compete with one another. They are complementary. In fact, the Liberty Alliance Project specifications leverage profiles from the SAML specifications. The decision of whether to use SAML or the Liberty specifications depends on your goal. In general, SAML should suffice for single sign-on basics. The Liberty Alliance Project specifications can be used for more sophisticated functions and capabilities, such as global sign-out, attribute sharing, web services. The following table compares the benefits of the two.
Table 10–1 Comparison of the SAML and Liberty Alliance Project Specifications|
SAML Uses |
Liberty Alliance Project Uses |
|---|---|
|
Cross-domain single sign-on |
Single sign-on only after user federation |
|
No user federation |
User federation |
|
No privacy control, best for use within one company |
Built on top of SAML |
|
User identifier is sent in plain text |
User identifier is sent as a unique handle |
Note –
The Organization for the Advancement of Structured Information Standards (OASIS) drives the development of SAML. For information and specifications, see the OASIS Security Services (SAML) Technical Committee home page.
- © 2010, Oracle Corporation and/or its affiliates