Hacker News
by noddingham 701 days ago
Not saying you're wrong, I only want to add to your context by saying (in my experience) within higher education SAML is the way federated identity is done. InCommon has been around for a long time and makes it pretty easy, and Shibboleth is very popular. Have a great day!

Being around longer or being widely implemented within some market segment is not a great reason to advocate for expanding its use. I could play devil's advocate for Kerberos or NIS just as easily as you can for SAML. It's fine if you must integrate with an existing system, but it's instant tech debt if you build a new system around it today.
Nothing else is suitable for multilateral, full-mesh federation yet. The OIDC multilateral federation standard hasn't been finalized or fully implemented yet, and it takes years to coordinate this kind of change in a federation.
So use SAML for that part; education is still a big market and they have a case for delegating the responsibility of establishing and managing trust relationships to a federation provider that most b2b and b2c applications will not have. Fortunately most of these identity systems are happy to proxy for downstream OIDC/OAuth IdCs anyway, so the argument that you may not want to implement SAML IdC in your own application is still valid even in this context.