Using SAML v1.x or Liberty ID-FF
The Liberty ID-FF (as described in Using the Liberty ID-FF) and SAML v1.x should only be used when integrating with a partner that is not able to use SAML v2. SAML v1.x was designed to address the issue of cross-domain single sign-on. It does not solve issues such as privacy, single logout, and federation termination. The Liberty Alliance Project was formed to develop technical specifications that would solve business process issues including single sign-on, account linking and consent, among others.
The SAML v1.x specifications and the Liberty Alliance Project specifications do not compete with one another. They are complementary. In fact, the Liberty Alliance Project specifications leverage profiles from the SAML specifications. The decision of whether to use SAML v1.x or the Liberty specifications depends on your goal. In general, SAML v1.x should suffice for single sign-on basics. The Liberty Alliance Project specifications can be used for more sophisticated functions and capabilities, such as global sign-out, attribute sharing, web services. The following table compares the benefits of the two.
Table 11–1 Comparison of the SAML v1.x and Liberty Alliance Project Specifications|
SAML v1.x Uses |
Liberty Alliance Project Uses |
|---|---|
|
Cross-domain single sign-on |
Single sign-on only after user federation |
|
No user federation |
User federation |
|
No privacy control, best for use within one company |
Built on top of SAML |
|
User identifier is sent in plain text |
User identifier is sent as a unique handle |
|
Single log out |
Single log out |
- © 2010, Oracle Corporation and/or its affiliates