SAML vs OAuth: which one should I use?

  • Project PicketLink: work on the project raises recurring questions about security, trust, and identity management. One common question is the difference between SAML and OAuth.
  • Difference between SAML and OAuth:

    • Informally: SAML is an umbrella standard for SSO, federation, and identity management using XML. OAuth is a standard for resource authorization and doesn't handle authentication.
    • Formally: SAML is an XML-based open standard for exchanging authentication and authorization data. OAuth is an open protocol for secure authorization in a simple, standard way.
  • Other Differences:

    • Token or Message Format: SAML uses XML; OAuth tokens can be binary, JSON, or SAML.
    • Transport: SAML has HTTP bindings but can use other transports; OAuth uses HTTP exclusively.
    • Scope: SAML is typically used in enterprise SSO scenarios; OAuth is for internet-scale applications.
  • Which Versions to Use: SAML v2.0 and OAuth v2.0 are the latest.
  • When to Use Which:

    • Use SAML for SSO in enterprise scenarios.
    • Use OAuth for resource access.
    • Use SAML for partner or customer access.
    • Use SAML when there is a centralized identity source.
    • Use OAuth2 with bearer tokens for mobile devices.
  • Using Both SAML and OAuth: SAML can be used for authentication, and the resulting SAML token can then be used as an OAuth bearer token. There is a REST service to convert SAML tokens into OAuth tokens.
  • Alternative in OAuth World: JSON Web Token (JWT) can be used with OAuth2. OpenID Connect is an identity layer on top of OAuth2 that provides user profile information.
  • References: PicketLink project, OAuth theory on PicketLink site, IETF web authorization working group, IETF OAuth2, Google OAuth document, Microsoft Windows Live OAuth2 document, Amazon Web Services and SAML, Salesforce SAML, Google Apps SAML, OpenID Connect.
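The token-format point above (SAML is XML; OAuth commonly carries JSON Web Tokens) is easiest to see by reading the same four fields out of both formats and applying one relying-party check to each. This is an added example, not code from the PicketLink project or the original post; the issuer, API audience and both tokens are constructed samples, and the JWT carries a placeholder signature because the example only demonstrates the formats, not signature verification.

```python
import base64
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

# Constructed sample tokens (hypothetical issuer and API, not from any real deployment).
# The JWT carries a placeholder signature; a real consumer verifies it before trusting claims.
SAMPLE_JWT = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"iss": "https://idp.example.com", "sub": "alice",
                        "aud": "https://api.example.com", "exp": 1893456000}).encode()),
    "placeholder-signature",
])
SAMPLE_SAML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="2030-01-01T00:00:00Z">
    <saml:AudienceRestriction><saml:Audience>https://api.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_jwt(token: str) -> dict:
    """Read issuer, subject, audience and expiry from the JSON payload of a JWT."""
    _header, payload, _signature = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    return {"issuer": claims["iss"], "subject": claims["sub"], "audience": claims["aud"],
            "expires": datetime.fromtimestamp(claims["exp"], tz=timezone.utc)}

def parse_saml_assertion(xml_text: str) -> dict:
    """Read the same four fields from the XML of a SAML 2.0 assertion."""
    root = ET.fromstring(xml_text)
    conditions = root.find("saml:Conditions", SAML_NS)
    expires = conditions.get("NotOnOrAfter").replace("Z", "+00:00")
    return {"issuer": root.findtext("saml:Issuer", namespaces=SAML_NS),
            "subject": root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS),
            "audience": conditions.findtext("saml:AudienceRestriction/saml:Audience", namespaces=SAML_NS),
            "expires": datetime.fromisoformat(expires)}

def accept(info: dict, expected_audience: str, now_epoch: int) -> bool:
    """Relying-party check shared by both formats: right audience and not yet expired."""
    return info["audience"] == expected_audience and now_epoch < info["expires"].timestamp()
```

Both parsers return the same fields, which is what lets a relying party apply one audience-and-expiry policy whether the identity provider hands it XML or JSON.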