[Security] client-to-client security :: Summary and todo's - SAML added

Hannes Tschofenig Hannes.Tschofenig at gmx.net
Sat Aug 23 10:23:00 CDT 2008


SAML and OpenID are two different solutions for the roughly the same 
problem.
SAML does not depend on OpenID nor does OpenID depend on SAML.

Pavel Simerda wrote:
> On Sat, 23 Aug 2008 16:26:42 +0200
> Johansson Olle E <oej at edvina.net> wrote:
>
>   
>> Thanks for all the feedback on the summary. Keep discussing and I'll  
>> try to update the summary tomorrow and see how that goes.
>>
>> One thing I want to add myself is SAML/Shibboleth. SAML 2 is an  
>> authentication system that is the basis for many authentication
>> systems, especially OpenID
>>     
>
> I haven't found a word about SAML in
>
> http://openid.net/specs/openid-authentication-2_0.html
>
>   
>> and Shibboleth2. Shibboleth 2 is created
>> in the Internet2 project and is used in the academic world, where  
>> universities build large federations for logging in and roaming, not  
>> only to WiFi networks, but also to web based systems. There is work
>> to enhance this a get it used outside of the Web based single-sign-on.
>>
>> I just saw a paper on how to use SAML authentication in SIP, and I'm  
>> pretty sure ideas and questions about it will soon arrive on this  
>> mailing list too. Anyone with ideas or feedback on this?
>>
>> So SAML 2.0 and XMPP is someting that may affect authentication here  
>> too.
>>
>> (The last sentence mostly a note to please search engines, he he).
>>
>> /O
>>     
>
>
>   



More information about the Security mailing list