2 comments

[ 2.7 ms ] story [ 17.2 ms ] thread
Some minor notes:

Conventionally, "authn" means authentication, "authz" means authorization, and plain old "auth" doesn't mean anything in particular.

I don't think it makes sense to blame SAML for the awkwardness of using the passive browser sign-in scenario for something for which it was not designed. There are other profiles and other protocols available from any competent security token service.

Also bear in mind there is a tremendous amount of confusion around the SAML terminology, which can mean the token format, or the protocol for exchanging authentication request messages, which are entirely separate things.

Naïve question: why isnt any service on the internet providing sso using kerberos? The protocol seems to be appropriate.