SAML 1.1 vs SAML 2.0

I understand that with OAuth, there is the following distinction

OAuth 1.1:  Very simple protocol directed towards the mobile community
OAuth 2.0:  More complex and secure update, but without popularity

What would be the comparison between SAML 1.1 and SAML 2.0.  

How are they different and how should I decide on which to use

Thanks
Anthony LuciaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
It is good to see the details listed in OASIS community on the standard.
http://saml.xml.org/differences-between-saml-2-0-and-1-1

The key takeaway is as highlighted is the SAML V2.0 assertions and protocol messages are incompatible with SAML V1.x processors - however only new major versions of SAML typically cause this sort of incompatibility. For such major release, it is done for consistency and better component symmetry.

For security enhancement in v2.0, I see it more from having now supports the use of the W3C XML Encryption recommendation to satisfy privacy requirements for several important SAML constructs. This is on top of existing digital signing of assertions and protocol messages been positioned .

Also on related security changes, the Authentication Request Protocol provides support for SP-initiated web SSO exchanges. This protocol allows the SP to make requests to an IdP and potentially control various aspects of the user authentication at the IdP

Overall, the use case for SAML v2.0 is recommended nonetheless if just started and if riding on SAML v1.1, I see it more of riding on legacy build up and should plan for upgrade as most of public e-service provider will demand for this newer (v2) compatibility which v1.1 is not. Note that SSO is a potential major driver for v2.0 in a seamless user experience for consuming the requested web services...
0
Mayank SAssociate Director - Product EngineeringCommented:
SAML 2.0 is better to use as it is an improvement over 1.1.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
agreed and with wider compatibility and forward looking in web service and security provisioning as mentioned in my earlier post
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.