The SAML web site is no longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

Revision of SAML 2.0 Usability from Tue, 2008-11-18 10:02

Feide RnD

Feide is an identity management system on a national level for the educational sector in Norway.

Feide RnD is more or less Andreas Åkre Solberg's thoughts about Identity Management. Andreas Åkre Solberg works in the Feide project at UNINETT.

I've started some work on SAML 2.0 usability from a service provider's point of view. The more complex the architectures you make with SAML 2.0, the more the usability often suffers. In particular, series of "Where are you from" interfaces and service providers not already knowing about existing SSO sessions are the two main problems I try to solve. Passive AuthNRequests and discovery service requests, and globally stored IdP selection cookies, are functionalities that can be used to solve these usability challenges.

In the figures below, a popular IdP means an IdP where a significant percentage of potential users come from this specific IdP.

Use case 1: Service Providers that allow anonymous access

Here is a flow chart for improved usability:

Use case 2: Service Providers that allow anonymous access

[ Read more at ]