Q. Why do we need XDI when we have SAML?
Do you have an elevator speach for the above question handy? If you do, or you have something in mind, could you please send it to me, please?
Sorry I am way, way behind on all but essential email. But I really liked this question so I wanted to send you an answer.
The key answer I give someone when they ask this question is that SAML is an interoperable security assertion schema and protocol while XDI is an interoperable generalized data interchange schema and protocol.
Although SAML provides numerous security assertion features and vocabulary that SAML does not, XDI provides the following features that SAML does not:
1) Universal addressability of data (using XRIs)
2) Universal cross-referenceability of data (caching non-authoritative copies using Refs to the authoritative copy).
3) Universal versioning and synchronization of data (“RSS for data” using XDI link contracts).
4) Universal rights model for data sharing (“DRM for data” using XDI link contracts).
5) Universal extensible data definition model (XDI dictionaries).
I hope that helps. After 18 months boiling down the XDI schema (a process I compare to “building DNA”), I have very high hopes for how fast progress will start to happen now that both ooTao and Jason Boorn’s company are both doing implementations.
I look forward very much to seeing you in person next month – I really hope I can come to Costa Rica.