7

They seem to be similar on the surface, but I'm not sure how deep the differences are.

Can someone explain to me the difference between SAMLp and WS-Trust? ADFSv2 gives me a choice between these options and I'm not sure which to choose.

Scott Pack
makerofthings7

2 Answers

7

WS-Trust is a standard which specifies how to encrypt/decrypt/sign SOAP messages and how to bind security tokens to a SOAP message.

SAML tokens are an example of a security token that could be bound to a SOAP message.

The SAML protocol provides a standard way to acquire, release and renew SAML tokens using SSL to protect communications and the XmlDsig standard to protect the token.

blowdart
2

AFAIK, they are similar WRT the end goal.

  • WS-Trust is SOAP-based, involving front-channel (browser) and back-channel (among services) communication; SAML-Passive can optionally use SOAP for backchannel communication.
  • SAML-P can involve no backchannel at all.
  • The XML documents involved have different namespaces: WST vs SAML.
  • SAML-P is the name for the process of redirection and communication that achieves the federated login goal using SAML docs, but it seems that 'SAML' has come to be synonymous with 'SAML-Passive'.
Rondo
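The namespace difference mentioned in the answers, and the fact that a SAML assertion can be carried by either message family, shown as an added example that is not part of either answer. The sample messages are constructed and unsigned, `classify` and `split_tag` are hypothetical helper names, and the namespace URIs are the standard OASIS SAML and WS-Trust ones; no signature validation is performed.

```python
import xml.etree.ElementTree as ET

# Standard OASIS / W3C namespace URIs for each message family.
SAMLP_NS = {"urn:oasis:names:tc:SAML:2.0:protocol", "urn:oasis:names:tc:SAML:1.0:protocol"}
WST_NS = {"http://docs.oasis-open.org/ws-sx/ws-trust/200512",
          "http://schemas.xmlsoap.org/ws/2005/02/trust"}
ASSERTION_NS = {"urn:oasis:names:tc:SAML:2.0:assertion", "urn:oasis:names:tc:SAML:1.0:assertion"}
SOAP_NS = {"http://www.w3.org/2003/05/soap-envelope", "http://schemas.xmlsoap.org/soap/envelope/"}

# Constructed sample messages (unsigned, not captured from any real IdP or STS).
ASSERTION = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" '
             'Version="2.0"><saml:Issuer>https://idp.example/</saml:Issuer></saml:Assertion>')
SAMLP_SAMPLE = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                'ID="_r1" Version="2.0">' + ASSERTION + '</samlp:Response>')
WST_SAMPLE = ('<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
              'xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><s:Body>'
              '<t:RequestSecurityTokenResponseCollection><t:RequestSecurityTokenResponse>'
              '<t:RequestedSecurityToken>' + ASSERTION + '</t:RequestedSecurityToken>'
              '</t:RequestSecurityTokenResponse></t:RequestSecurityTokenResponseCollection>'
              '</s:Body></s:Envelope>')

def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def classify(xml_text):
    """Return (protocol, carries_saml_assertion) for one federation message."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs before handing input to the parser
        raise ValueError("DOCTYPE not allowed")
    root = ET.fromstring(xml_text)
    ns, local = split_tag(root.tag)
    if ns in SOAP_NS and local == "Envelope":  # unwrap SOAP; either family may use it
        body = root.find("{%s}Body" % ns)
        if body is None or len(body) == 0:
            return "unknown", False
        root = body[0]
        ns, local = split_tag(root.tag)
    protocol = "SAMLp" if ns in SAMLP_NS else "WS-Trust" if ns in WST_NS else "unknown"
    carries = any(split_tag(e.tag) in {(a, "Assertion") for a in ASSERTION_NS}
                  for e in root.iter())
    return protocol, carries

if __name__ == "__main__":
    for name, msg in (("SAMLp", SAMLP_SAMPLE), ("WS-Trust", WST_SAMPLE)):
        print(name, classify(msg))
```

Both samples carry the same assertion element; only the wrapper's namespace tells the relying party which protocol delivered it.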