Identityblog by the respective authors of the posts is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Based on content at identityblog.portalverbund.at.
Craig Burton: SAML is dead
(cross-post from eustic.net)
Craig (@craigburton) said at the Cloud Identity Summit (#CIS2012) that SAML is dead. He argues:
- SAML is the Windows XP of Identity. OAuth is Android, OpenID Connect iOS and Shibboleth Linux
- No funding. No innovation. People still use it. But it has no future
- SAML is dead != SAML is bad. SAML is dead != SAML isn’t useful. SAML is dead means SAML != the future.
The ensuing Twitter storm provided a topic for the following analyst panel session:
Sally Hudson (IDC):
SAML will be augmented and extended. From a quantitative perspective SAML’s life expectancy can be compared with age-old mainframe authentication systems: they still made $200m in 2011. However, there will be newer, more adapted technologies.
It will also be interesting to see how a competition between SAML and OIDC evolves. The story between SAML and WS-* stalled the federation market for a considerable time.
Steve Coplan, 451 Research:
SOAP will not stay forever, but will rather be replaced by REST. SAML might not support all use cases, but will have a place to stay. It might not accommodate new architectures coming up in the next 3-4 years, like the mobile/app space.
---
Kantara’s Global Trust Framework Survey shows that 75% of all federations in production use SAML WebSSO. (In my talk tomorrow in Track C)
My 2 cents: SAML is mature. SAML is functional and scalable for bread and butter business applications. To do large projects in 2012 and 2013 it is still the safe bet.