Sunday 13 September 2020

OAuth2.0 Tutorial - PART - 2


SAML vs. OAuth

According to Wikipedia on SAML:

Security Assertion Markup Language is an XML-based open standard data format for exchanging authentication and authorisation data between parties, in particular, between an identity provider and a service provider.

According to on OAuth

An open protocol to allow secure authorisation in a simple and standard method from web, mobile and desktop applications.

SAML (Security Assertion Markup Language) is an umbrella standard that covers federation, identity management and single sign-on (SSO). In contrast, OAuth (Open Authorisation) is a standard for authorising access to resources; it doesn't deal with authentication. Even though SAML was designed to be widely applicable, its contemporary usage has typically shifted towards enterprise SSO scenarios. OAuth, on the other hand, was designed for use with applications on the Internet, especially for delegated authorisation.

Although SAML was designed to be openly applicable, it is typically used in enterprise SSO scenarios: within an enterprise, enterprise to partner, or enterprise to cloud.

OAuth has been designed for use with applications on the Internet, primarily for delegated authorisation of Internet resources. OAuth is designed for Internet scale.

SAML v2.0 and OAuth v2.0 are the latest versions of the standards.
