Saturday, November 24, 2012

Words re-learned from headmaster's site

下晡 - e-poh - afternoon

交椅 - kau-i - chair

畫號 - ua-ho - sign

麒麟鹿 - ki link lok - giraffe

空課 - khang khue - work

茨內 - chu lai - home

遴迍 - lun tsun - clumsy

細膩 - sae ji - careful

清澄關 - tsheng teng kuan - customs

偪側、逼仄 - pek tshek - ....

誠 - tsiann - real

怔忪 - tshenn kong - 

究底 - kau te -

疳積 - kam tsek

淙浴 - tsang ek - bath

思覺 - su kah - suka loh

坡底 - pho tae - town

發病 - phuah penn - sick

出坡 - tshut pho - outstation

頇顢 - han ban - (hahaha...) slow

隔腹兄弟 - keeh pak hiann ti - distant cousins with common great-grand parents

姥 - boo - wife

 

Friday, November 23, 2012

Federation Products ranking (according to me!)
Warning: Opinions in this article are very blunt. No diplomatic miss-pageant-worded messages.


You can see I love Ping; the rest really just treat federation as their part-time job and suck big time.
OpenAM is a good alternative as it is open source and free (that is, if it is kept that way).

Scoring is based on the following points:
  • Certificate Management - Very important as it can suck up a hell of a lot of administration/integration time. Good certificate management saves integration and administration time. Up to 50% (if not 90%) of implementation problems are certificate related.
  • SAML Configuration
  • Metadata Tools
  • Installation (ease) - Some solutions are so heavy that you need to install the vendor's whole product suite before you can start any real federation work. Either they want to lock the customer into a proprietary hell or they just don't know how to write independent software.
  • High Availability
  • Configuration migration
  • App Integration Kits
  • API/SDP for integration
  • Zero to deployment - From nothing to a fully deployed production ready solution. How easy is it?
  • Proxy mode
  • Auditing
  • Multi hosted providers - Some products are restricted to only 1 provider.
  • Dynamic SSO options - Options include parameters available in the URL to dynamically select protocols, name IDs and other variables during an SSO initiation (usually URL based).
  • SaaS ready (readiness) - Cloud based service providers like Salesforce, Google Apps, Office 365.
If you noticed, I did not rate any products based on protocol compliance. A lot of inter-op tests have done that, so I don't want to, or even have the resources to, do that. Here the products are mainly evaluated based on SAML 2.0 basic SSO features. SAML 1.x is just so yesterday, and anyone still using it should file for museum listing.

There are other listings, like the one in the SAML wiki, which is based on the Kantara Initiative testing. It's a good source for finding out protocol compliance. The problem with these inter-op tests is that they don't evaluate the product as an end user (which includes administrators, integrators, developers). They just tick the boxes for compliance with some protocols. But a federation solution is more than just protocol compliance. The fact is most customers just use the core features of SAML (like the IDP/SP light referred to in the inter-op tests). Full support of all protocols is not necessary if the product fails miserably in other important areas like high availability, ease of administration and integration options, just to name a few.

Updated: Apr 2014