Security Assertion Markup Language (SAML) holds the dominant position in terms of industry acceptance for federated identity deployments. SAML is deployed in tens of thousands of cloud single sign-on (SSO) connections. Thousands of large enterprises, government agencies and service providers have selected it as their standard protocol for communicating identities across the internet.
SAML is XML-based, which makes it a very flexible standard. Two federation partners can choose to share whatever identity attributes they want in a SAML assertion (message) payload, as long as those attributes can be represented in XML. This flexibility led to pieces of the SAML standard, such as the SAML assertion format, being incorporated into other standards such as WS-Federation.
Interoperability also gives SAML a huge advantage over proprietary SSO mechanisms. For an enterprise, proprietary SSO means each new connection potentially requires a new and different software implementation. With SAML, a single implementation can support SSO connections with many different federation partners. Some large organizations, particularly those that have already gone through the pain of supporting multiple proprietary SSO implementations, now require the use of SAML for internet SSO with Software-as-a-Service (SaaS) applications and other external service providers.
The Kantara Initiative, formerly known as the Liberty Alliance, has established a very successful interoperability testing program where SAML vendors prove out-of-the-box interoperability with other SAML implementations. To date, Liberty has certified over 80 solutions from numerous vendors and organizations worldwide, including PingFederate, which has completed SAML 2.0 interoperability testing with more vendors than any other product in the identity management space. A certified product can be the difference between a two-hour configuration and testing exercise and a multi-month distributed debugging nightmare.