| LCMAPS | Kerberos | Moonshot | simpleSAMLphp | UNITY | ||
|---|---|---|---|---|---|---|
| Authentication workflow | Password, RemoteUser, RemoteUserInternal, X509, X509Internal, SPNEGO/Kerberos, IPAddress,External | X.509 proxy certificate | Username/password, OTP,Kerberos ticket | Username/password (any RADIUS EAP- supported mechanism) | Username/password from user repository (SQL/LDAP/ RADIUS), X509 authentication through userCertificate, LDAP, social media | Username/Passwor d, Client Certificate, LDAP, Social Media | 
| Supported standards | SAML 1.1/2.0, X509, Kerberos, LDAP, SQL | X.509 (RFC5280 and RFC3820), VOMS | RFC 4121,RFC 4120 | RFC3748, RFC5247, RFC7055 | SAML 1.1/2.0, X509, OpenID, OAuth 2.0, Kerberos, VOOT, SQL, LDAP, RADIUS | SAML 1.1/2.0, X.509, OIDC, LDAP | 
| HA deployment | yes | Deployed in the service | Yes | RADIUS service can be run in HA environments | Yes, through multiple memcached service instances | Yes, relying on database layer | 
| Licence | Open Source | Open Source | Open Source | Open Source | Open Source | Open Source | 
| Expected support level | Supported by the Shibboleth consortium | Supported by NIKHEF | Supported by Linux distributions | Supported by Jsic | Collaborative support, large user communities | Supported by ICM, JSC, funded by PLGrid | 
| ARGUS | LCMAPS | mod_auth_mellon | |
|---|---|---|---|
| Type of input attributes | SAML2-XACML2 attributes X.509 and VOMS | X.509 proxy certificates with VOMS extensions | SAML2 attributes | 
| Support for policy management | Yes, ARGUS can import policies from remote PAPs | Config file allows complicated flows of plugins, including callouts to remote services (such as Argus). | Basic policies via Apache HTTP server config files | 
| LoA support | Supported but needs extra plugins | Yes, via lcmaps-plugins-vo-ca-ap | Yes, if LoA information available through SAML attributes | 
| HA deployment | Yes | Deployed with the services | Yes | 
| Licence | Open Source | Open Source | Open Source | 
| Maintenance | INFN/NIKHEF | NIKHEF | Community support Uninett | 
| Tools: | VOMS | HEXAA | COmanage | Grouper | Perun | UNITY | 
|---|---|---|---|---|---|---|
| Input Standard | X.509 | SAML2 | SAML (via Apache) | SQL, LDAP, XML | SAML2, X.509 | SAML2, X.509 SAML2, X.509, LDAP, OIDC | 
| Output Standards | X.509, SAML | SAML2 | VOOT, LDAP, SAML (via Shib IdP) | LDAP, VOOT, SCIM, XML | SAML2, VOOT | OIDC, SAML | 
| Handle attribute release consent | No | Yes | No | No | No | Yes | 
| Membership life-cycle management | Yes | No | Yes | No | Yes | No (Planned) | 
| VO Organization | Yes | Yes | Yes | Yes | Yes | Yes | 
| Delegated organization of the VO Groups | Yes | No | Yes | Yes | Yes | Yes | 
| HA deployment | Available | No | Available | Available | Partially Available | Available | 
| Licence | Open Source | Open Source | Open Source | Open Source | Open Source | Open Source | 
| Expected level of support | Supported by INFN, bug fixes. | Supported by SZTAKI and NIIFI | Supported by Internet2 TIER, various grants, and other sources | Supported by Internet2 TIER, various grants, and other sources | Supported by CESNET and Masaryk University. Maintenance and development. | Supported by ICM, JSC and Funded by PLGrid |