The SAML XML.org web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.
SAML 2.0 Usability
Feide RnD
Feide RnD is more or less Andreas Åkre Solberg's thoughts about Identity Management. Andreas Åkre Solberg works in the Feide project at UNINETT.
I've started some work on SAML 2.0 usability from a service provider's point of view. The more complex the architectures you build with SAML 2.0, the more the usability often suffers. In particular, a series of "Where are you from" interfaces and service providers not already knowing about an existing SSO session are the two main problems I try to solve. Passive AuthNRequests and discovery service requests, and globally stored IdP selection cookies, are functionalities that can be used to solve these usability challenges. In the figures below, a popular IdP means an IdP where a significant percentage of potential users come from this specific IdP.
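A sketch of the passive request mentioned above, added here as an example (not code from the original post or from the Feide project): the SP sends an AuthnRequest with `IsPassive="true"` over the HTTP-Redirect binding and treats a `NoPassive` status as "no existing SSO session". Function names, the `_abc` request ID and the sample response are constructed for illustration, and signature validation of the response, which an SP must perform before trusting it, is assumed to be done by a SAML library.

```python
import base64, datetime, uuid, zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
# Constructed sample: the status an IdP returns when it cannot authenticate passively.
SAMPLE_NO_PASSIVE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" InResponseTo="_abc">'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoPassive"/>'
    '</samlp:StatusCode></samlp:Status></samlp:Response>')

def build_passive_request(sp_entity_id, acs_url, idp_sso_url):
    """Return (request_id, redirect_url) for an IsPassive AuthnRequest."""
    request_id = "_" + uuid.uuid4().hex
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": now,
        "Destination": idp_sso_url, "AssertionConsumerServiceURL": acs_url,
        "IsPassive": "true",  # the IdP must not show any UI to the user
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp_entity_id
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    deflated = deflater.compress(ET.tostring(root)) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return request_id, f"{idp_sso_url}?{query}"

def decode_redirect_request(url):
    """Inverse of the encoding above; useful for inspecting what was sent."""
    raw = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return ET.fromstring(zlib.decompress(base64.b64decode(raw), -15))

def classify_passive_response(response_xml, expected_request_id):
    """Map a Response to 'session', 'no_session' or 'error'."""
    # Assumption: the response signature was already verified by a SAML library.
    resp = ET.fromstring(response_xml)
    if resp.get("InResponseTo") != expected_request_id:
        return "error"  # unsolicited response, or one answering another request
    codes = [c.get("Value", "") for c in resp.iter(f"{{{SAMLP}}}StatusCode")]
    if codes[:1] == [STATUS + "Success"]:
        return "session"
    if STATUS + "NoPassive" in codes:
        return "no_session"  # serve the page anonymously and offer a login link
    return "error"
```

An SP that allows anonymous access can issue this request once per visitor and fall back to the anonymous view on `no_session`, without showing a "Where are you from" page.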
Use case 1: Service Providers that allow anonymous access
Here is a flow chart for improved usability: