Johannes posts about the ongoing work on exploring the synergies between SAML and OpenID in an entry titled Eve and Pat, SAML and OpenID. It’s worth reading to get an idea of just how things are coming together. One correction, though, Johannes – you give a table of identifier-based authentication flavours, but you left an important one out. Here is a fuller version:
- with OpenID Authentication (which is light-weight, Diffie-Hellman key exchange-based)
- with LID/GPG Authentication (which is light-weight, public key-based)
- with SAML ‘Lightweight’ (which is only a little bit heavier and uses a simple ‘blob’ signature)
- with SAML (which is a bit heavier and uses XML Signatures)
Of course, the magic of Yadis makes this all very transparent to the user, but, I wonder, how do IdPs and SPs decide which flavour they prefer?