Access control service (SAML vs. SWT)

Access control services supports both SAML and SWT tokens, now what exactly is the difference between them

   

SAML

SWT

Protocol support

WS Trust, WS-federations (Soap based)

OAuth WRAP and OAuth 2.0 (HTTP REST)

Cryptographic differences

Tokens are signed using asymmetric keys (which provides CA verification, and revocation)

Tokens are signed using symmetric keys