SAML 1.1 vs SAML 2.0

Posted on 2014-08-18
Medium Priority
Last Modified: 2014-08-19
I understand that with OAuth, there is the following distinction:

OAuth 1.1:  Very simple protocol directed towards the mobile community
OAuth 2.0:  More complex and secure update, but without popularity

What would be the comparison between SAML 1.1 and SAML 2.0?

How are they different, and how should I decide on which to use?

Question by:Anthony Lucia
LVL 65

Assisted Solution

btan earned 1000 total points
ID: 40270064
It is good to see the details listed by the OASIS community on the standard.

The key takeaway, as highlighted, is that SAML V2.0 assertions and protocol messages are incompatible with SAML V1.x processors; however, only new major versions of SAML typically cause this sort of incompatibility. For such a major release, it is done for consistency and better component symmetry.

For security enhancement in v2.0, I see it more in that it now supports the use of the W3C XML Encryption recommendation to satisfy privacy requirements for several important SAML constructs. This is on top of the digital signing of assertions and protocol messages that is already in place.

Also, on related security changes, the Authentication Request Protocol provides support for SP-initiated web SSO exchanges. This protocol allows the SP to make requests to an IdP and potentially control various aspects of the user authentication at the IdP.

Overall, SAML v2.0 is recommended if you are just starting; if you are riding on SAML v1.1, I see it more as riding on a legacy build-up, and you should plan for an upgrade, as most public e-service providers will demand this newer (v2) compatibility, which v1.1 does not have. Note that SSO is a potential major driver for v2.0, for a seamless user experience in consuming the requested web services...
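The incompatibility described in the answer above is visible on the wire: V1.x and V2.0 use different XML namespaces and different version attributes, and only V2.0 defines `AuthnRequest` and `EncryptedAssertion`. The Python sketch below is an added example, not code from the thread or from OASIS; the sample messages are constructed and the function names are hypothetical. It shows a check a V2.0-only endpoint could run before any signature or decryption processing.

```python
import xml.etree.ElementTree as ET

# Namespace URIs defined by the OASIS SAML 1.x and 2.0 schemas.
SAML_NS = {
    "urn:oasis:names:tc:SAML:1.0:assertion": "1.x",
    "urn:oasis:names:tc:SAML:1.0:protocol": "1.x",
    "urn:oasis:names:tc:SAML:2.0:assertion": "2.0",
    "urn:oasis:names:tc:SAML:2.0:protocol": "2.0",
}
ENC = "{urn:oasis:names:tc:SAML:2.0:assertion}EncryptedAssertion"

# Constructed samples, trimmed to the attributes this check reads.
V11_ASSERTION = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" '
                 'MajorVersion="1" MinorVersion="1" AssertionID="_a1" '
                 'Issuer="https://idp.example" IssueInstant="2014-08-18T00:00:00Z"/>')
V20_RESPONSE = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" '
                'Version="2.0" IssueInstant="2014-08-18T00:00:00Z">'
                '<saml:EncryptedAssertion/></samlp:Response>')
V20_AUTHN_REQUEST = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                     'ID="_q1" Version="2.0" IssueInstant="2014-08-18T00:00:00Z"/>')
MISLABELLED = V20_AUTHN_REQUEST.replace('Version="2.0"', 'Version="1.1"')


def classify_saml(xml_text):
    """Report which SAML family a message belongs to and whether it is coherent."""
    # SAML is schema-defined and uses no DTD, so refuse one before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    ns, _, local = root.tag.lstrip("{").partition("}")
    family = SAML_NS.get(ns)
    if family is None:
        raise ValueError("root element is not SAML 1.x or 2.0: %r" % root.tag)
    if family == "2.0":   # V2.0 carries a single Version attribute
        declared = root.get("Version")
        consistent = declared == "2.0"
    else:                 # V1.x splits it into MajorVersion / MinorVersion
        declared = "%s.%s" % (root.get("MajorVersion"), root.get("MinorVersion"))
        consistent = declared in ("1.0", "1.1")
    return {"element": local, "family": family, "declared": declared,
            "consistent": consistent,
            "encrypted_assertion": root.find(".//" + ENC) is not None}


def accept_for_v2_processor(xml_text):
    """A V2.0-only endpoint should drop V1.x and mislabelled messages early."""
    info = classify_saml(xml_text)
    return info["family"] == "2.0" and info["consistent"]
```

This check only routes or rejects by version; it does not validate signatures, decrypt assertions, or replace a SAML library.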
LVL 30

Accepted Solution

Mayank S earned 1000 total points
ID: 40270181
SAML 2.0 is better to use as it is an improvement over 1.1.
LVL 65

Expert Comment

ID: 40270298
Agreed, and with wider compatibility and forward-looking in web service and security provisioning, as mentioned in my earlier post.
