SAML is an XML-based standard for exchanging authentication and authorization data between security domains. The single most important problem that SAML was created to solve is the Web browser Single Sign-On problem. Many organizations are now in the SAML "zone of indecision" as to whether to stay with version 1.1 or move to 2.0. This article makes observations about both options.
- Posted by: Nuno Teixeira
- Posted on: September 28 2009 13:02 EDT
So what do you think about JOSSO?
Frank, I agree with you that there are not a lot of SAML Web SSO resources out there. I do cover this topic in the security chapter of the upcoming Professional Oracle WebLogic Server. Also, SAML is a frequent topic of the Fusion Security Blog. I think that SAML and the Web SSO profile work well in federated environments - across security domains. In my experience with customers, I haven't seen SAML SSO used as a general-purpose Web SSO solution. I do like the use case implied from your article - using SAML to bridge an environment with multiple SSO products within an enterprise. JB
Maybe you can send that Chapter to me and I can give you my $.02. Frank