13

I came across SAML and Kerberos; both are used to establish identity using assertions (tickets), so is there an overlap in their use?

Can somebody highlight their differences and point out which technology is a better fit where?

Thanks

Update to add some context: there are some web services in an intranet environment where only a closed set of users should be allowed to access them. Is this requirement better suited for SAML or Kerberos?

mzzzzb
  • You might be interested in [Kerberos over the Public Internet](http://security.stackexchange.com/questions/41803/kerberos-authentication-over-the-public-internet), which bears on your question. – gowenfawr Feb 11 '14 at 18:14
  • This is *somewhat* of a broad question. – Steve Feb 11 '14 at 18:32
  • @gowenfawr your lead was very helpful, thanks. I have added some context to my question; it's a closed system, so key exchange may be a possibility. – mzzzzb Feb 12 '14 at 02:20

1 Answer

10

SAML is used over the Internet. If you have a web application you would use SAML. SAML is just a standard data format for exchanging authentication data. You would typically use it for a web SSO (single sign on).

Kerberos is used in an enterprise LAN typically. Kerberos requires that the user it is authenticating is in the Kerberos domain.

Not really a lot of overlap in my opinion.

schroeder
Daisetsu