SAML is:
- An XML framework for defining tokens / assertions
- A protocol binding framework
- A solution for SSO
With these questions in mind, I started wondering: if SAML provides everything, then what does Liberty do? I asked this question in the OASIS SSTC newsgroup and got a good explanation, which I am posting here also.
Below is the answer from Conor P. Cahill from AOL, who actively participates/contributes in the SAML group.
---------
SAML 1.1 does provide a framework upon which you can build a fully operational, privacy-aware SSO environment. This is, in fact, what Liberty did. Liberty added functionality in the areas of:
- Identity Federation Protocols (how 2 parties agree on an identity handle for the user)
- Single Logout Protocols
- Privacy protection
- Authentication Context
- Metadata distribution
- Authentication request extensions
- IDP location (Common domain cookie)
- Enabled Client/Proxy
- Identity Affiliations
Liberty subsequently contributed their work back into the SSTC and the SSTC has incorporated it into the SAML 2.0 work that is currently in progress. People who understand or have implemented Liberty ID-FF will feel right at home with SAML 2.0.
-----------
The complete discussion can be found here.