(Draft) Technical Comparison: OpenID and SAML

Over the past couple of years quite a few folks have asked me, and I’m sure others, “what’s the salient differences between OpenID and SAML?” So earlier this year I began hacking together a technical comparison of the two. It’s an interesting exercise comparing two Web SSO protocols, even one as ostensibly simple, and straightforwardly specified, as OpenID. It turns out to be a fairly complex task given all the different facets inherent in authentication protocols in general, and in web-, i.e. HTTP-based, protocols (and profiles thereof) in particular. And also given the various audiences affected by such protocols: implementors, deployers, end users, and protocol designers.

The resultant comparison paper, “Technical Comparison: OpenID and SAML – Draft 05″ seems to me to be at a stage where it can be shared widely (i.e. on the web :) ), here it is..

http://identitymeme.org/doc/draft-hodges-saml-openid-compare-05.html

..For many readers, sections 1, 2, and perhaps 3 ought to cover things. For those necessarily interested in gory, really geeky details, parts or all of section 4 will be of interest. Note that this is still a “draft“–there are various items, especially in section 4, that are not as yet evaluated as thoroughly as I’d like, or at all (as yet).

I’ve tried as much as possible to provide an objective comparison. It’s admittedly difficult given I’ve been intimately involved in SAML’s gestation since essentially the very beginning. It’s also a technically difficult comparison because of the differing design centers of OpenID and SAML, as well as differing specification styles, and thus the difficulty in presenting the comparison to the reader, not to mention attempting to be “balanced“.

So, I hope this paper will prove at least somewhat enlightening and useful to the multifaceted “identity” community out there, and to those shepherding websites who are wondering what these two oft-mentioned beasts are, how’re they’re different/similar/alike, and also nominally how they work.

=JeffH sez check it out.

3 Responses to “(Draft) Technical Comparison: OpenID and SAML”

  1. Hannes Tschofenig » Technical Comparison: OpenID and SAML Says:

    [...] blogpost: (Draft) Technical Comparison: OpenID and SAML [...]

  2. IdentityMeme.org » Blog Archive » New version of OpenID SAML comparison document Says:

    [...] I’ve done a modest editorial and copy editing update to the OpenID SAML technical comparison document announced earlier. Going forward, the latest rev will be available via this URL: http://identitymeme.org/doc/draft-hodges-saml-openid-compare.html Technorati Tags: authentication, Open Standards, openid, saml, Security, simplified sign on, single sign on [...]

  3. Speaking of Standards » Blog Archive » A Technical Comparison of OpenID and SAML Says:

    [...] It’s great to see this kind of technical research now coming out in the field. The more we have of this kind of work the closer we will be to having solid and secure forms of online identity. If you are interested in reading the paper, it can be found here. [...]

Leave a Reply

You must be logged in to post a comment.