
Does anyone have any info/links on the relative security of SAML vs. Kerberos? I believe I grasp the differences between the two, and what they mean for my particular application, but to decide between the two, knowing which is more secure, if either, would be a valuable bit of info.

chmeee
Robert Gowland

1 Answer

From the top of my head:

  1. Kerberos is a LAN (enterprise) technology while SAML is an Internet one.
  2. Kerberos requires that the system that requests the ticket (asks for user identity, in a way) is also in the Kerberos domain; SAML does not require systems to sign up beforehand.
  3. Kerberos does not reveal any identity information, because it does not know about anything beyond the principal name.

In reality, SAML is for web apps and Kerberos is for Unix/Linux systems having SSO.

CharlesB
Konrads

  • Kerberos is also for Windows domains, since it's built into AD. – mfinni May 26 '10 at 14:47
  • Kerberos is an authentication/authorization scheme; SAML is a standardized way to do security markings – mpez0 May 26 '10 at 15:34
  • 1
    Kerberos was created by MIT in the 1980s and was *USURPED* by Microsoft by changing a byte value specifically marked as unused/later expansion. Kerberos is showing its age and is not as detailed as SAML (see XACML / assertions) nor does Kerberos make any provision for 3rd parties. This is the official link for the latest iteration: http://saml.xml.org/saml-specifications – ArrowInTree Dec 21 '12 at 02:05