OpenID Connect will eventually replace SAML as the dominant protocol for SSO?

Question

I have seen in the some articles, It is said that OpenID Connect would replace SAML as the dominant protocol for SSO. I am not sure how openID connect would handle the session m

Answer 1

Yes, no question. No one wants to use a SOAP/XML standard from 2005 (pre-mobile) when they can use a JSON/REST API from 2014. See Gluu's protocol predictions: http://www.gluu.co/sso-protocol-predictions

If you doubt it, see Forrester's predictions... http://www.gluu.org/blog/wp-content/uploads/2014/06/eve_uma_irmsummit_2014-300x225.jpg Notice SAML on the "moderate success" curve, and OpenID Connect on the "significant success" curve.

The problem is that SAML vendors would not agree to breaking changes, and mobile/headless API's broke some of the assumptions made in the design of SAML.

• Mike Schwartz Founder / CEO Gluu http://gluu.org