SAML 2.0 provides several new features:
Pseudonyms: An arbitrary name assigned by the identity provider to identify a user to a service provider. The identifier has meaning only in the context of the relationship between the relying parties. They can be a principal’s e-mail or account name. Pseudonyms are a key privacy feature that inhibits collusion between multiple providers.
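To make the anti-collusion property concrete, here is an added example (not code from the original page or from any SAML product) of how an identity provider can issue a persistent, pseudonymous NameID scoped to one service provider. The HMAC-based derivation, the IdP secret and all entityIDs are assumptions chosen for illustration; a real IdP may equally store random values per (user, SP) pair.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
ET.register_namespace("saml", SAML_NS)


def pseudonym_value(idp_secret: bytes, principal: str, sp_entity_id: str) -> str:
    """Derive a stable pseudonym for one (principal, SP) pair.

    Keying the derivation on the SP's entityID means two service providers
    receive unrelated identifiers for the same person, so they cannot
    correlate accounts by comparing NameIDs. The IdP secret keeps the value
    from being reproduced from a guessed e-mail or account name.
    (Assumed scheme; the IdP could also store random values instead.)
    """
    mac = hmac.new(idp_secret, digestmod=hashlib.sha256)
    mac.update(principal.encode("utf-8"))
    mac.update(b"\x00")  # separator so principal/SP boundaries are unambiguous
    mac.update(sp_entity_id.encode("utf-8"))
    # URL-safe base64 without padding keeps the value opaque and portable.
    return base64.urlsafe_b64encode(mac.digest()).rstrip(b"=").decode("ascii")


def persistent_name_id(idp_secret: bytes, principal: str,
                       idp_entity_id: str, sp_entity_id: str) -> ET.Element:
    """Build the <saml:NameID> element the IdP would place in the Subject."""
    name_id = ET.Element(f"{{{SAML_NS}}}NameID")
    name_id.set("Format", PERSISTENT)
    # The qualifiers record which IdP/SP relationship the identifier belongs to.
    name_id.set("NameQualifier", idp_entity_id)
    name_id.set("SPNameQualifier", sp_entity_id)
    name_id.text = pseudonym_value(idp_secret, principal, sp_entity_id)
    return name_id


def unlinkable(idp_secret: bytes, principal: str, sp_a: str, sp_b: str) -> bool:
    """True when two SPs receive different pseudonyms for the same principal."""
    return pseudonym_value(idp_secret, principal, sp_a) != pseudonym_value(idp_secret, principal, sp_b)


if __name__ == "__main__":
    # Constructed sample values; not taken from any real deployment.
    secret = b"idp-pseudonym-key-example"
    idp = "https://idp.example.org/saml"
    user = "alice@example.org"
    for sp in ("https://payroll.example.com/sp", "https://wiki.example.com/sp"):
        print(ET.tostring(persistent_name_id(secret, user, idp, sp), encoding="unicode"))
```

Running the block prints two NameID elements for the same user whose text values differ, while repeating the call for one SP always yields the same value, which is the stability the SP needs for account linking.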
Metadata: The SAML metadata specification defines how to express configuration and trust-related data to simplify SAML deployment. Metadata identifies the Identity Servers involved in performing single sign-on between trusted identity providers and service providers.
Metadata includes supported roles, identifiers, supported profiles, URLs, certificates, and keys. System entities must agree upon the data.
Encryption: SAML permits attribute statements, name identifiers, or entire assertions to be encrypted. Encryption ensures that end-to-end confidentiality of these elements can be supported as needed.
Attribute profiles: Profiles simplify how you configure and deploy systems that exchange attribute data. They include:
Basic attribute profile: Supports string attribute names and attribute values drawn from XML schema primitive type definitions.
X.500/LDAP: Supports canonical X.500/LDAP attribute names and values.
UUID attribute profile: Supports using UUIDs as attribute names.
XACML attribute profile: Defines formats suitable for processing by XACML (Extensible Access Control Markup Language).