saml20 vs saml11

Tue, Dec 13, 2005

From SAML1.1, the following have been carried over to SAML 2.0:

Protocol

AttributeQuery Now contains an Attribute element as AttributeDesignator has been removed from SAML2. Also, no Resource attribute Request This is now an abstract type and isn't used directly, as in SAML1.1. Instead, specific Requests are used: AssertionIDRequest AuthnRequest ArtifactResolve ManageNameIDRequest LogoutRequest NameIDMappingRequest SubjectQuery - SubjectQueryAbstractType extends RequestAbstractType Response The Response element in SAML2 extends the StatusResponseType and not ResponseAbstractType as in SAML1.1. Previously, it contained a and zero or more elements, now it contains either or elements. StatusCode This is the same as in SAML1.1 with the addition of extra top level definitions with the prefix urn:oasis:names:tc:SAML:2.0:status: StatusDetail Exactly the same as in SAML1.1 Status Exactly the same as in SAML1.1 StatusMessage Exactly the same as in SAML1.1 SubjectQuery Abstract as in SAML1.1 but in SAML2.0 it extends RequestAbstractType and not QueryAbstractType as in SAML1.1

Replaced:

AssertionArtifact - Artifact ArtifactResolve ArtifactResponse AuthenticationQuery - AuthnQuery AuthorizationDecisionQuery - AuthzDecisionQuery Query RespondWith

Assertion

Action Exactly the same as in SAML1.1 Advice Still has Assertion element but AssertionIDReference has been removed and there is now a choice of different elements: AssertionIDRef, AssertionURIRef, Assertion, EncryptedAssertion AssertionIDReference Assertion MajorVersion and MinorVersion attributes have been replaced by the Version attribute. AssertionID attribute has been replaced by the ID attribute. Issuer attribute has been removed. IssueInstant attribute remains the same as in SAML1.1. Conditions and Advice elements remain and new elements can be added: Statement, SubjectStatement, AuthenticationStatement, AuthorizationDecisionStatement or AttributeStatement Attribute In SAML1.1 this extended AttributeDesignatorType, which has now been removed from SAML2.0. Attribute now has it's own type with completely different attributes for the element. AttributeStatement In SAML1.1 this extended SubjectStatementAbstractType. In SAML2.0 it extends StatementAbstractType and now contains an EncryptedAttribute element as well as an Attribute element AttributeValue The same as in SAML1.1 but with the addition that it can be nil, to cover the case where the corresponding Attribute is null. Audience Same as in SAML1.1 with the addition that it MAY also contain the unique identifier URI from a SAML name identifier that describes a system entity. Condition Exactly the same as in SAML1.1 Conditions The AudienceRestrictionCondition and DoNotCacheCondition elements have been removed. The Condition element remains the same. The AudienceRestriction, OneTimeUse and ProxyRestriction elements have been added. The attributes for the Conditions element remain the same as in SAML1.1 Decision Evidence The AssertionIDReference element has been removed. The Assertion element remains the same. The AssertionIDRef, AssertionURIRef and EncryptedAssertion elements have been added in SAML2.0 Statement Exactly the same as in SAML1.1 SubjectConfirmationData In SAML1.1 this was of type anyType. In SAML2.0 it has it's own type, which extends anyType and within which any elements from any namespace can be added. It's much more open in SAML2.0 SubjectConfirmation The ConfirmationMethod, SubjectConfirmationData, ConfirmationMethod and KeyInfo elements have been removed. The SubjectConfirmationData element remains the same. The BaseID, NameID and EncryptedID elements have been added in SAML2.0. The Method attribute has been added in SAML2.0 Subject The NameIdentifier element has been removed. The BaseID, NameID and EncryptedID elements have been added in SAML2.0. These have replace NameIdentifier. SubjectLocality This is basically the same as in SAML1.1 but with the attributes renamed: IPAddress -> Address DNSAddress -> DNSName

Replaced:

AssertionIDReference - AssertionIDRef AssertionURIRef AttributeDesignator AudienceRestrictionCondition AuthenticationStatement - AuthnStatement AuthorityBinding AuthorizationDecisionStatement - AuthzDecisionStatement ConfirmationMethod DoNotCacheCondition NameIdentifier - NameID SubjectStatement

New for SAML2.0:

Protocol

Artifact ArtifactResolve ArtifactResponse AssertionIDRequest AuthnContextComparison AuthnQuery AuthnRequest AuthzDecisionQuery Extensions GetComplete IDPEntry IDPList LogoutRequest LogoutResponse ManageNameIDRequest ManageNameIDResponse NameIDMappingRequest NameIDMappingResponse NameIDPolicy NewEncryptedID NewID RequestedAuthnContext RequesterID Scoping SessionIndex StatusResponse Terminate

Assertion

AssertionIDRef AssertionURIRef AudienceRestriction AuthenticatingAuthority AuthnContextClassRef AuthnContextDecl

AuthnContextDeclRef AuthnContext AuthnStatement AuthzDecisionStatement BaseID EncryptedAssertion EncryptedAttribute EncryptedElement EncryptedID Issuer KeyInfoConfirmationData NameID OneTimeUse ProxyRestriction

comments powered by Disqus