
RootOfTrust

03/26/10 12:28 PM

#191572 RE: awk #191524

Re: SAML:

As best I can determine, id.wave provides TPM-secured credentials in response to a SAML-based request from the relying party (i.e. the website), whereas the credentials released by non-id.wave identity providers are not TPM-secured. Apparently an id.wave identity assertion (still TPM-secured credentials, like a non-SAML assertion) can be done in the SAML format in case the relying party uses SAML.

Id.wave is the only identity provider at the present time to secure credentials in the TPM (SAML assertions or other).

Thus a service provider relies on the identity provider to identify the principal. At the principal's request, the identity provider passes a SAML assertion to the service provider. On the basis of this assertion, the service provider makes an access control decision.

So, Wave is the identity provider passing the SAML assertion to the service provider (releasing the user's credentials for website access)...the credentials are hardware-secured in the TPM.

http://en.wikipedia.org/wiki/SAML