Choosing authentication protocol for digital signatures: A comparison between SAML and OIDC

University essay from Linköpings universitet/Institutionen för datavetenskap

Abstract: More and more companies are working toward digitizing their workflow, and this has increased the need for digital signatures. An important part of digital signatures is the authentication process, which is heavily regulated for Swedish government agencies by DIGG. DIGG only allows the use of Security Assertion Markup Language (SAML) for authentication but is looking into also allowing OpenID Connect (OIDC) and, together with the Swedish OIDC working group, is producing a specification. This thesis looks into this preliminary specification and explores whether OIDC can do everything that SAML can do with regard to digital signatures, and whether the inclusion of OIDC would render SAML obsolete. This is explored by implementing OIDC in twoday's services that follow DIGG's specifications to see if there are needs that OpenID Connect cannot meet. Within the restrictions of the thesis, there was nothing that SAML could do that OIDC could not do; on the contrary, there are features in OIDC that SAML could not match. The inclusion of OIDC would not make SAML obsolete unless customers' use cases evolve to include the features that SAML could not match.
