DEV Community: Devesh Patel

[Boost]

Devesh Patel — Thu, 20 Mar 2025 06:00:45 +0000

Join Our First-Ever WeCoded Challenge – Celebrating Underrepresented Voices in Tech Through Stories & Code!

Jess Lee for The DEV Team ・ Mar 5

Unlocking the Future of Golang: Trends, Predictions, and Business Impact in 2025

Devesh Patel — Wed, 19 Mar 2025 12:58:13 +0000

Profile-guided optimization (PGO) has emerged as a powerful technique for improving application performance by utilizing runtime data to inform compiler decisions. In a recent implementation, Uber collaborated with Google to integrate PGO into Golang, resulting in significant performance improvements and resource savings across their service fleet.

PGO takes advantage of actual runtime behavior to make smarter compiler decisions compared to traditional static analysis. By collecting execution profiles during representative runs, PGO identifies hot code paths and optimizes them accordingly through techniques like:

Intelligent function inlining based on call frequency
Improved code and data layout for better locality
Enhanced register allocation and instruction scheduling
Basic block reordering to optimize execution paths

The implementation of PGO at Uber encompasses several key phases: profiling, analysis, and recompilation. Initially, runtime profiling data is collected during representative executions of applications. This data is then analyzed to identify optimization opportunities, which are subsequently applied during the recompilation process to produce optimized binaries. While languages like C++, Rust, Java, and Swift have long supported PGO, its integration into Go is relatively recent. Uber collaborated with Google to introduce PGO support in Go, with PGO-driven inlining introduced in version 1.20 and devirtualization optimizations added in version 1.21.

To seamlessly incorporate PGO into its continuous optimization framework, Uber established a systematic process:

Daily Profile Collection: Continuous profiling data is gathered from multiple instances to create representative profiles.
Service-Specific Enrollment: A configuration system enrolls specific services for PGO, ensuring targeted optimizations.
Continuous Integration (CI) Testing: The PGO Software Development Kit (SDK) undergoes CI tests to validate changes and maintain stability.
Deployment: Post-validation, PGO-optimized services are deployed into the production environment.
Performance Monitoring: A performance dashboard monitors the impact of PGO on services, facilitating ongoing assessment.

A significant challenge encountered during PGO implementation was the increase in build times, with some services experiencing delays of up to eight times. This was primarily due to the extensive time required for parsing profiling data during compilation. To address this, Uber developed a profile preprocessing tool that extracts runtime profiling data, constructs call graphs, and caches this information for use during compilation. This preprocessing significantly reduced build times, making PGO integration more practical for developers.

The performance impact of PGO was evaluated using synthetic benchmarks and real-world service assessments. For instance, benchmarks demonstrated that:

30% reduction in instruction Translation Lookaside Buffer (iTLB) misses for Go’s widely used third-party JSON library, go-json.
4% performance improvement through optimized inlining.
24,000 fewer CPU cores required across Uber’s top services, leading to significant cost savings.

Several other technology companies have embraced Profile-Guided Optimization (PGO) to enhance the performance of their Go applications. Companies like Cloudflare and Datadog have integrated PGO into their Go-based services, resulting in reduced CPU usage and improved performance. Similarly, Grafana Labs utilizes PGO in conjunction with Grafana Pyroscope, an open-source continuous profiling platform, to optimize Go applications.

The Future of Golang in 2025

Golang, or the Go Programming Language, is a statically typed, procedural language developed by Google, known for its simplicity and efficiency. Its future growth is expected to focus on cloud-native development, IoT, and machine learning, alongside significant enhancements in its upcoming version 2.0.

Current State of Golang

Golang has an important place in the programming language industry, characterized by:

Simplicity and Readability: Go emphasizes neat syntax, making learning and maintaining code bases easier, especially for large teams.
Concurrency and Performance: Golang supports concurrency through goroutines and channels, enabling the development of scalable applications.
Statically Typed and Compiled: This leads to strong applications with good performance.
Rich Standard Library: The Go standard library limits the need for additional dependencies, simplifying development.
Open-Source and Community-Driven: Continuous improvements and innovations arise from its thriving community.

Latest Version of Golang

As of February 2025, the latest version is Golang 1.22, featuring key enhancements:

Generics: Allows writing more generic code, reducing redundancy.
Error Handling: Improved error wrapping mechanisms for clearer code.
Package Management: Streamlined dependency management with Go Mod improvements.
Tooling Advancements: Ongoing refinement of existing tools enhances the developer experience.

Comparison of Golang with Other Languages

Golang vs Python

Similarities: Both prioritize readability.
Differences: Golang is generally faster and more efficient due to its compiled nature.

Golang vs Java

Similarities: Both are statically typed.
Differences: Golang’s simpler syntax makes it easier to learn and use.

Golang vs C++

Similarities: Both offer high performance.
Differences: Golang is easier to learn compared to C++, which has a steeper learning curve.

The Future of Golang: Top Trends and Predictions

Cloud-Native Development: Golang fits well with scalable, deployable cloud software.
Internet of Things (IoT): Golang is a strong candidate for IoT development due to its performance and minimal resource usage.
Developer Experience: Focus on improving tooling libraries and frameworks.
Machine Learning and AI: Golang is gaining traction in ML/AI applications.
Security: The Golang community will focus on improving security libraries.
Ecosystem Expansion: New frameworks and libraries will serve various domains.
Golang 2.0 Enhancements: Generics, better error handling, and improved package management are expected.

Business Perspective on Golang

Golang is gaining traction in 2025 due to its scalability, performance, and business impact in cloud computing, microservices, and enterprise tech.

Key Strengths of Golang for Business

Simplicity and Maintainability: Clean syntax reduces onboarding time and maintenance costs.
Performance and Scalability: High-performance applications with efficient memory overhead.
Concurrency for Modern Demands: Efficient handling of multiple tasks simultaneously.
Rich Ecosystem and Advanced Tooling: Extensive standard library reduces reliance on third-party dependencies.
Strong Industry Backing: Continuous updates from Google and a thriving open-source community.

Latest Version of Go (1.22 – February 2025)

Go 1.22 introduces generics, improved error handling, and enhanced package management. These updates increase productivity and maintainability, making Go a compelling option for modern software development.

Challenges and Limitations of Go

Foreign Function Interface (FFI): Integration with C or other languages can introduce performance overhead.
Garbage Collection (GC): Prioritizes low latency over high throughput.
Dynamic Code Loading: Limited compared to Java or Python.
Use Case Limitations: Lack of a native UI framework makes it impractical for standalone desktop applications.
Competition from Established Languages: Java and C# continue to dominate enterprise software.

Cloudflare Unveils Media Transformations and Content Credentials for Enhanced Video and Image Management

Devesh Patel — Wed, 19 Mar 2025 12:56:15 +0000

Cloudflare has introduced Media Transformations, a service designed to optimize short-form video content by simplifying the video optimization process. This service extends its Image Transformations capabilities to short-form video files, regardless of storage location. It eliminates complex video pipelines, making it easier for users to enhance videos directly from existing storage solutions like Cloudflare R2 or S3.

Image courtesy of Cloudflare

The service allows users to apply various optimizations via URL-based parameters, facilitating automation and integration for video adjustments without the need for complex coding. Key features include:

Format Conversion : Output videos as optimized MP4 files.
Frame Extraction : Generate still images from video frames.
Video Clipping : Trim videos with specified start times and durations.
Resizing and Cropping : Adjust video dimensions with parameters like “fit,” “height,” and “width.”
Audio Removal : Strip audio from video outputs.
Spritesheet Generation : Create images with multiple frames.

The service is currently in beta and free for all users until Q3 2025, after which a pricing model similar to Image Transformations will be adopted.

For businesses focusing on short-form video, alternatives such as Cloudinary, ImageKit, and Gumlet offer features for video optimization, but Cloudflare’s Media Transformations aims to provide a more streamlined solution.

Cloudflare Launches One-Click Content Credentials

Cloudflare has also announced the launch of a one-click solution for preserving image authenticity and creator attribution through Content Credentials. This feature allows publishers and media organizations to maintain the digital history of images across Cloudflare’s global network.

The digital ‘nutrition label’ attaches directly to images, enabling creators to be credited for their work and allowing consumers to verify the origin and alterations of digital content. The solution is based on standards from the Coalition for Content Provenance and Authenticity (C2PA).

Matthew Prince, co-founder and CEO of Cloudflare, stated, “The future of the Internet depends on trust and authenticity.” This integration helps media organizations verify authenticity and maintain ownership of their work, crucial in an age where AI-generated content is prevalent.

Users of Cloudflare Images can enable the “Preserve Content Credentials” option to safeguard embedded metadata across the Cloudflare network. This ensures that transformations made to images are recorded using public key cryptography, allowing viewers to verify the digital history of images using the Adobe Content Authenticity Inspect tool.

For more details, check the following resources:

Blog: Preserving content provenance by integrating Content Credentials into Cloudflare Images
Content Authenticity Initiative Blog: Cloudflare becomes the first major content delivery network to implement Content Credentials

Introducing Media Transformations from Cloudflare Stream

The Media Transformations service allows customers to optimize short video content without the need to migrate existing assets. The URL structure for transforming videos mirrors that of Image Transformations, making it easy for users to integrate this feature into their existing setup.

Example URL format for transformations:

https://example.com/cdn-cgi/media/<OPTIONS>/<SOURCE-VIDEO>

This service provides a significant reduction in file size while maintaining quality, facilitating smoother user experiences on websites.

For more information on transforming videos, visit Transforming Videos.

Google DeepMind Launches Gemini Robotics: Merging AI with the Physical World

Devesh Patel — Tue, 18 Mar 2025 11:29:55 +0000

Google DeepMind has unveiled Gemini Robotics, an advanced AI model leveraging the Gemini 2.0 framework to enhance robotics through the integration of vision, language, and action. This development is pivotal for creating robots that can adapt and respond to their environments more effectively.

Image courtesy of Google DeepMind

Key Features of Gemini Robotics

Embodied Reasoning

A notable aspect of Gemini Robotics is its embodied reasoning capability, allowing robots to comprehend and react to their surroundings similar to humans. This feature is essential for tasks requiring quick adaptation in dynamic environments.

Humanoid Robotics Initiative

Google DeepMind is collaborating with Apptronik to develop the next generation of humanoid robots. This partnership aims at creating robots that can operate alongside humans in various settings, including homes and workplaces.

Safety and Ethical Considerations

With safety as a priority, Gemini Robotics incorporates collision avoidance and force limitation mechanisms. The ASIMOV dataset is utilized to enhance safety protocols, inspired by Isaac Asimov’s Three Laws of Robotics, ensuring robots act ethically and safely around humans.

Gemini Robotics’ Capabilities

Generality

Gemini Robotics is designed to generalize across various tasks, even those it has not encountered before. The model demonstrates superior performance on generalization benchmarks compared to existing state-of-the-art models.

Interactivity

The model's interaction capabilities allow it to process commands in natural language, adapting its behavior in real-time to instructions or changes in its environment. This “steerability” enhances collaboration between humans and robots in diverse settings.

Image courtesy of Google DeepMind

Dexterity

Gemini Robotics excels in executing complex, multi-step tasks that require precise manipulation, such as origami folding or packing items. This level of dexterity is crucial for performing tasks that humans usually handle effortlessly.

Gemini Robotics-ER Model

Alongside Gemini Robotics, the Gemini Robotics-ER (Embodied Reasoning) model enhances spatial reasoning abilities, enabling roboticists to integrate their programs with Gemini's advanced capabilities. This model significantly improves performance in tasks requiring spatial understanding.

Image courtesy of Google DeepMind

Safety and Ethical Frameworks

Google DeepMind emphasizes a holistic approach to safety, integrating low-level motor control with high-level semantic understanding. The development of the Robot Constitution framework aims to ensure that robots operate within defined ethical boundaries, promoting human safety.

Implications for Robotics Industry

The introduction of Gemini Robotics signifies a pivotal shift in robotics, particularly in how AI can enhance physical interactions. As highlighted by Kanishka Rao, director of robotics at DeepMind, the model addresses a core challenge in robotics: the failure to generalize in unfamiliar scenarios.

This leap forward, combining AI and robotics, aligns with the trend of integrating large language models into robotic systems, making them more adaptable and responsive to human commands. The Gemini framework is expected to enable a new generation of robots capable of performing tasks with minimal programming.

Image courtesy of Google DeepMind

Collaboration with Other Robotics Companies

Google DeepMind is collaborating with trusted testers, including Agile Robots and Boston Dynamics, to refine the capabilities of the Gemini Robotics-ER model. These partnerships are aimed at exploring applications of the technology in real-world scenarios.

Conclusion

To explore how advanced authentication solutions can enhance the security and user management in enterprise settings, consider SSOJet’s API-first platform. Implement secure SSO and user management with features such as directory sync, SAML, OIDC, and magic link authentication. Discover more at SSOJet.

The Model Context Protocol (MCP) Explained: A Game-Changer for AI and Startups

Devesh Patel — Mon, 17 Mar 2025 11:05:26 +0000

MCPs (Model Capability Protocols) are revolutionizing AI integrations. If you’ve ever built an AI agent that connects with APIs like Slack, Gmail, or a custom database, you know the pain of manually setting up and maintaining these integrations. You have to write custom prompts, enforce restrictions (e.g., limiting Gmail API access to sending emails only), and ensure smooth communication between the agent and APIs.

But here’s the problem: if you want to use the same AI agent in another application, you have to redo all that work from scratch. That’s where MCP (Model Capability Protocol) comes in, offering a standardized way to connect AI agents to various services effortlessly.

The Old Way vs. The MCP Way

Without MCP, every new integration requires custom implementations. If you build an agent that works with Slack, Gmail, and a custom database in one app, it won’t work seamlessly in another app like Cursoror WindSurfwithout redoing all the work.

With MCP, you don’t have to reinvent the wheel. Instead, you can set up an MCP server that connects to different APIs. Any AI agent—whether it’s Cursor, WindSurf, or another tool—can then communicate with this MCP server using a common protocol, making integration effortless and reusable.

How MCP Works

MCP operates through three key components:

Host : The application running the AI agent (e.g., Cursor, an IDE).
Client : The tool communicating with the MCP server.
Server : The backend handling API interactions (e.g., Slack’s MCP server, Gmail’s MCP server, or a custom one you build).

For example, if Slack provides an MCP server, any AI agent (Cursor, WindSurf, etc.) can instantly connect to Slack without needing custom API implementations. The server handles everything, and the agent just plugs in.

Real-World Example: Using MCP for Machine Learning Experiments

Let’s say you’re working on a machine learning project where your model runs locally, and you frequently need to test it with different variables. Instead of writing new scripts for every experiment, you can integrate it with an AI agent like Cursor using MCP.

Here’s how it works:

Define a tool on your MCP server called invoke_model, which takes a payload (data) and sends a request to your locally running model.
Include documentation that tells AI agents how to format the data correctly.
Register this MCP server in Cursor, allowing it to communicate with your model seamlessly.

Now, you can simply tell Cursor: “Invoke the model with three samples from penguins.csv,” and it figures out the format, retrieves the data, and runs the model automatically. You can even say: “Now change body weight to one standard deviation and run again,” and it executes the entire experiment for you.

Why MCP is a Game-Changer

MCP solves key problems that developers and businesses face when integrating AI with external services:

Reusability : The same MCP server can work with different AI agents without modifications.
Scalability : Companies can provide MCP servers, making their APIs instantly accessible to multiple applications.
Efficiency : AI agents interact with APIs in a structured way, reducing manual work and eliminating redundant integrations.

Traditionally, integrating AI models with multiple tools was frustrating due to inconsistencies in APIs. Every tool had its own format, and any changes could break the system. MCP eliminates these challenges by introducing a standardized way for AI models to interact with services, leading to:

Easier and faster integrations – No more spending hours configuring each tool manually.
More reliable AI assistants – Fewer disruptions when APIs change.
Optimized resource utilization – Businesses can dynamically allocate computing power based on model capabilities.

Startup Opportunities with MCP

Whenever a major protocol (like HTTP or SMTP) becomes widely adopted, new business opportunities emerge. So, how can startups capitalize on MCP?

1. Building MCP-Based Developer Tools

Technical founders can create tools that simplify MCP adoption , such as:

MCP integration platforms that automate model onboarding.
MCP monitoring tools that track model performance and reliability.

2. MCP App Store

A marketplace where developers can browse and deploy different MCP-compatible models and services, similar to how APIs are listed on RapidAPI.

3. AI Automation Services

As MCP adoption grows, businesses will look for no-code or low-code AI automation platforms that integrate seamlessly with MCP-enabled tools.

4. AI Consulting & Implementation

For non-technical founders, offering MCP integration services to businesses could be an excellent opportunity.

While MCP is still in its early days, understanding its impact now will help entrepreneurs move quickly when the market matures.

The Future of MCP

Many companies are already adopting MCP, with directories listing hundreds of plug-and-play MCP servers. The possibilities are endless, from automating workflows to integrating AI agents seamlessly across platforms.

Despite its potential, MCP faces some challenges:

Adoption & Standardization – AI companies need to align on a single protocol.
Security & Privacy – Exposing model capabilities raises concerns about data security.
Complexity of Implementation – Not all models fit neatly into predefined capability schemas.

However, the future of MCP looks promising. As AI adoption expands, having a universal protocol for model interaction will be essential.

Final Thoughts

MCP is more than just a technical standard—it’s a revolutionary shift in how AI models interact with external services. Whether you’re a developer, a startup founder, or an AI enthusiast , keeping up with MCP developments could put you ahead of the curve.

If you’re working with AI, now is the time to explore MCP. It might just redefine the way AI models are built, deployed, and monetized.

What is SAML and how SAML authentication works

Devesh Patel — Mon, 03 Apr 2023 20:43:22 +0000

What is SAML

Security Assertion Markup Language (SAML) is an XML-based standard protocol for exchanging authentication data between two parties. SAML is designed to enable Single Sign- On (SSO) across different applications and systems that belong to the same organization or consortium. SAML allows a user to log in once and then access multiple applications or services without having to log in again for each application or service, this is exactly SSO.

SAML is based on the concept of a trust relationship between the identity provider (IdP) and the service provider (SP). The IdP is responsible for authenticating the user and providing the necessary identity information in the form of SAML assertions to the SP. SP uses the SAML assertions to grant or deny access to resources.

SAML is famous in enterprise environments, online service providers and government agencies. It is most popula SSO protocols. The SAML standard is maintained by the Organization for the Advancement of Structured Information Standards (OASIS), and it is continually evolving to meet the changing security and privacy requirements of modern internet based applications.

Benefits of SAML

Secure: SAML allows for secure transfer of authentication and authorization data between parties and make sure that user identity and access information is confidential. SAML is designed by keeping in mind security requirement of enterprises and regulated industry, that’s why it’s highly secure protocol.

SSO: Using SAML organizations can implement SSO for their multiple applications means users can access multiple web applications and services without login multiple time. it solves the problems of multiple credentials for multiple applications which belongs to one organizations.
Scalability: SAML supports a wide range of authentication and authorization scenarios and use cases. This makes SAML highly scalable and adaptable to variety of business requirements. It can fit in most of the industry with it’s flexibility and security.

Interoperability: SAML is a popular SSO Protocol which means it can be used with different vendor’s applications and systems. It’s specificiations are well defined and give great flexibility without doing customization to it, that’s make sure that cross oganizations applications are compatible with each other.

Save cost: SAML reduce cost of managing user’s authnetications and access to multiple applications and services, Login once reduce processsing of number of authentications on multiple applications.

Enhanced User Experience: SSO always make user experience better, if organization have multiple applications and if user doesn’t require to singup as well login multiple time.
Compliance: SAML is well designed for enterprises requirements, it has all security and privacy scenerios which make it’s compliant protocol.

SAML terminology

Identity Provider (IdP): Identity Provider is authenticate users and generte SAML assertions that contain data about user identity and access related.

Service Provider (SP): Service provider is application that users want to access after successfull authentication by Identity Provider. Service Provider accept SAML assertion sent by Identity Provider.

SAML Assertion: A SAML assertion is an XML document that contains data of user’s identity (ID and Atrributes) and access, also metadata of the assertion itself, such as its validity period, public key and the IdP that issued it.

SAML Protocol: A set of rules and methods for exchanging SAML assertions between the Identity provider and the Service Provider. In January 2001, OASIS Security Services Technical Committee (SSTC) convened for the first time with mandate of creating an XML framework to facilitate the exchange of authentication and authorization information.

Attribute: An attribute is a use profile related fields, such as name, email address, or group. It is paert of a SAML assertion. Attributes are used by the SP to identify identify user and provide access according to it.

NameID: A NameID is a unique identifier that is assigned to a user by the IdP and included in a SAML assertion. NameID is used by the SP to identify the user across different applications.

Metadata: Metadata is information about a identity Provider or Service Provider, SP require IdP’s meta data and IdP require SP’s metadata to establish trust between both. Metadata includes information about the SP or IdP’s endpoints (assertion consumer service URL, SLO URL etc.), certificate, audience and other relevant details.

Subject: Subject refers to user on whose behalf the SAML assertion has been generated, it contains NameID XML tag also.
Single Logout (SLO): A process that enables a user to log out of all web applications or services that use SAML authentication with a single action.

Binding: Method for transmitting SAML messages between an IdP and an SP, such as HTTP Redirect, HTTP POST, or SOAP.

SAML flows

Here is The general steps of creating a SAML assertion and consumption involves the following steps:

User Attempt to Access Restriucted Resources: User attempts to access a service provider (SP) application that requires authentication. SP redirects the user to the Identity Provider (IDP) for authentication.

IdP Authentication: IdP authenticates the user in this step if user’s session doesn’t exist. IdP can authanticate using a various methods example username and password, two-factor authentication, or smart card authentication.

Assertion Creation: Once the user is authenticated, IdP creates a SAML assertion that contains data about user and authentication status. IdP Sign the assertion using IdP Proivate key to ensure its authenticity and integrity.

Assertion Delivery: IdP sends the SAML assertion to the SP via the user’s browser, using either the HTTP POST or HTTP Redirect binding. IdP Sends assertion in XML format.

Assertion Validation: SP receives the SAML assertion and validates it by verifying the signature, checking the expiration date, and verifying that the assertion is intended for the SP.

Attribute Extraction: Once the SAML assertion is validated, SP extracts user attributes such as name, email, and group.

Session Creation: SP creates a session for user, allowing user to access SP application. There are two types flows in SAML, these are IdP-Intiaited and SP-Initiated flows.

IdP initiated

SAML IdP-initiated flow is a scenario where the user is first authenticated by the Identity Provider (IDP) and then redirected to a Service Provider (SP) application without the user having to initiate the request. The process involves the following steps:

IdP Authentication: User try to access the specific SP application, IdP authenticates the user in this step if user’s session doesn’t exist. IdP can authanticate using a various methods example username and password, two-factor authentication, or smart card authentication.

Assertion Delivery: IdP sends the SAML assertion to the SP via the user’s browser, using either the HTTP POST or HTTP Redirect binding. IdP Sends assertion in XML format.

Assertion Validation: SP receives the SAML assertion and validates it by verifying the signature, checking the expiration date, and verifying that the assertion is intended for the SP.

Attribute Extraction: Once the SAML assertion is validated, SP extracts user attributes such as name, email, and group.

Session Creation: SP creates a session for user, allowing user to access SP application. In the IdP-initiated flow, the user is first authenticated by IdP, and request is initiated by the IdP, which then sends SAML assertion to SP. This flow is typically used in situations where user is on IdP portal and use want to access SP directly.

SP-Intiated

SAML SP-initiated flow is a scenario where user initiates the request to access a Service Provider (SP) application and is then redirected to the Identity Provider (IDP) for authentication. The process involves the following steps:

User Attempt to Access Restriucted Resources: User attempts to access a service provider (SP) application that requires authentication.

SP Request: The SP determines that user needs to be authenticated and sends a SAML request to the IdP, requesting user’s authentication and authorization information,.

SP Request validation: IdP receives the SAML request and validate and verify by signature.

Assertion Delivery: IdP sends the SAML assertion to the SP via the user’s browser, using either the HTTP POST or HTTP Redirect binding. IdP Sends assertion in XML format.

Assertion Validation: SP receives the SAML assertion and validates it by verifying the signature, checking the expiration date, and verifying that the assertion is intended for the SP.

Attribute Extraction: Once the SAML assertion is validated, SP extracts user attributes such as name, email, and group.

Session Creation: SP creates a session for user, allowing user to access SP application. In the SP-initiated flow, the user initiates the request to access the SP application, and the SP sends a SAML request to the IDP for authentication and authorization. This flow is typically used in situations where the user needs to access a specific resource or application directly.

SAML Use cases

Workforce SSO
SAML is very popular into Workforce SSO, All the Workforce SSO providers support SAML so it can be integrated with internal tools either SaaS or on-prem. Using workfoce SSO companies can control their employees accesses from a single dashboard, onboarding, management and offbording. As SAML is well defined protocol so it’s highly secure and flexible which fits in enterprise ecosystem for identity use case. All the enterprises and mid-sized businesses use Workforce SSO.

B2B SaaS SSO
When we say that all the Enterprise and mid-sized use Workforce SSO means all B2B SaaS solution who deal or want to deal in this segment means they require to integrate SAML so their customer’s Workforce SSO can be integrated with their system. All the B2B SaaS platform these days supports integration of Workforce SSO.

*Example SAML Response: *

<samlp:Response ID="_257f9d9e9fa14962c0803903a6ccad931245264310738"
IssueInstant="2009-06-17T18:45:10.738Z" Version="2.0">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://www.salesforce.com
</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>

<saml:Assertion ID="_3c39bc0fe7b13769cab2f6f45eba801b1245264310738"
IssueInstant="2009-06-17T18:45:10.738Z" Version="2.0">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
https://www.salesforce.com
</saml:Issuer>
<saml:Signature>
<saml:SignedInfo>
<saml:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<saml:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<saml:Reference URI="#_3c39bc0fe7b13769cab2f6f45eba801b1245264310738">
<saml:Transforms>

<saml:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-
signature"/>

<saml:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ds saml xs"/>
</saml:Transform>
</saml:Transforms>
<saml:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<saml:DigestValue>vzR9Hfp8d16576tEDeq/zhpmLoo=
</saml:DigestValue>
</saml:Reference>
</saml:SignedInfo>
<saml:SignatureValue>
AzID5hhJeJlG2llUDvZswNUrlrPtR7S37QYH2W+Un1n8c6kTC
Xr/lihEKPcA2PZt86eBntFBVDWTRlh/W3yUgGOqQBJMFOVbhK
M/CbLHbBUVT5TcxIqvsNvIFdjIGNkf1W0SBqRKZOJ6tzxCcLo
9dXqAyAUkqDpX5+AyltwrdCPNmncUM4dtRPjI05CL1rRaGeyX
3kkqOL8p0vjm0fazU5tCAJLbYuYgU1LivPSahWNcpvRSlCI4e
Pn2oiVDyrcc4et12inPMTc2lGIWWWWJyHOPSiXRSkEAIwQVjf
Qm5cpli44Pv8FCrdGWpEE0yXsPBvDkM9jIzwCYGG2fKaLBag==
</saml:SignatureValue>
<saml:KeyInfo>
<saml:X509Data>
<saml:X509Certificate>
MIIEATCCAumgAwIBAgIBBTANBgkqhkiG9w0BAQ0FADCBgzELM
[Certificate truncated for readability...]
</saml:X509Certificate>
</saml:X509Data>
</saml:KeyInfo>
</saml:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">
saml01@salesforce.com
</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2009-06-17T18:50:10.738Z"
Recipient="https://login.salesforce.com"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2009-06-17T18:45:10.738Z" NotOnOrAfter="2009-06-
17T18:50:10.738Z">
<saml:AudienceRestriction>

<saml:Audience>https://saml.salesforce.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2009-06-17T18:45:10.738Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="portal_id">
<saml:AttributeValue xsi:type="xs:anyType">060D00000000SHZ
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="organization_id">
<saml:AttributeValue xsi:type="xs:anyType">00DD0000000F7L5
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="ssostartpage"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xsi:type="xs:anyType">
http://www.salesforce.com/security/saml/saml20-gen.jsp
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="logouturl"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xsi:type="xs:string">
http://www.salesforce.com/security/del_auth/SsoLogoutPage.html
</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>

Conclusion

SAML solves the Security and User experience problems with greater flexibility, it is defacto solution when we think about the identity exchange between two parties. SAML’s strength is it’s well define specification which make this fir for most of the use canse of Identity Federation and SSO. SAML is not that popular in B2C applications, JWT, OAuth and OIDC are well known protocols into B2C.