The following table lists the differences among OAuth, OpenID Connect, WS-Trust, WS Fed, and SAML:
Table C-1 Differences among OAuth, OpenID Connect, and WS*-Family
|
OAuth |
OpenID Connect |
SAML |
WS-* Family |
|---|---|---|---|
|
An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications. Provides API authorization between applications. |
Provides single sign-on (SSO) layer on top of the OAuth protocol for consumers. |
An XML-based open standard data format for exchanging authentication and authorization data between an identity provider and a service provider. Encompasses profiles, bindings and constructs to achieve SSO, federation, and identity management. |
Allows secure identity propagation and token exchange between Web services. Enables applications to construct trusted SOAP message exchanges. |
|
OAuth tokens can be binary, JSON, or SAML |
Uses JSON tokens |
Deals with XML as the data construct or token format. |
Uses Request Security Token (RST) and Request Security Token Response (RSTR) |
|
Uses HTTP exclusively |
Uses HTTP exclusively |
No restriction on the transport format. You can use SOAP, JMS, or any transport you want to use to send SAML tokens or messages. |
No restriction on the transport format. You can use SOAP, JMS, or any transport you want to use to send SAML tokens or messages. |
|
Designed for use with applications on the Internet. |
Designed for use with applications on the Internet. |
Used in enterprise SSO scenarios. |
Used in enterprise SSO scenarios. |