SAML 2.0 simplifies federation

Opinion
Dec 05, 2005
Enterprise Applications

* SAML 2.0 radically alters the federation landscape

By Patrick Harding

Until this year, identity federation has suffered from the problem of too many standards. Companies that deployed federation before the fourth quarter were forced to deal with five incompatible protocols: OASIS Security Assertion Markup Language 1.0 and 1.1, Liberty Alliance ID-FF 1.1 and 1.2 and Shibboleth. The result was a complex matrix of enterprise and consumer use cases, protocols and implementations that slowed the growth and increased the cost of federation deployments.

The Organization for the Advancement of Structured Information Standards (OASIS), the Liberty Alliance and Shibboleth have since joined forces to create a single standard that would make their previous work obsolete. The result is SAML 2.0, which OASIS ratified in March and is beginning to appear in vendor products. SAML 2.0 radically alters the federation landscape by removing the largest barrier to increased federation adoption: multiprotocol complexity.

OASIS, Liberty and Shibboleth originally came at federation from three perspectives: OASIS SAML focused primarily on business-to-business interactions (single sign-on between enterprises), Liberty focused on consumer (business-to-consumer) interactions requiring privacy, and Shibboleth focused on educational environments requiring anonymity. Hence, each modified and extended the original SAML 1.0 specification to support its own uses. These federation protocols are neither interoperable nor backward-compatible.

Before SAML 2.0, organizations looking to deploy federated identity had to negotiate protocol selection with each federation partner. Many had to support multiple protocols through protocol mapping and translation techniques that cause support gaps for key features or capabilities.

To read more about SAML 2.0, please go to: http://www.networkworld.com/news/tech/2005/120505techupdate.html?rl

Harding is CTO for Ping Identity. He can be reached at pharding@pingidentity.com