
  • Session management - The single logout protocol in SAML V2.0 provides a protocol by which all sessions provided by a particular session authority can be near-simultaneously terminated. As an example, if a user, after authenticating at an identity provider, achieved single sign-on to multiple service providers, they could be automatically logged out of all of those service providers at the request of the identity provider.
  • Devices - SAML V2.0 introduces new support for the mobile world, addressing both the challenges introduced by device and bandwidth constraints and the opportunities made possible by emerging smart or active devices.
  • Privacy mechanisms - SAML V2.0 includes mechanisms that allow providers to communicate privacy policy and settings. For instance, SAML makes it possible to obtain and express a principal's consent to some operation being performed.
  • Identity provider discovery - In deployments having more than one identity provider, service providers need a means to discover which identity provider(s) a principal uses. The identity provider discovery profile relies on a cookie written in a common domain between identity and service providers.

Taken from: InCCollaborate:SAML V2.0 Executive Overview (12 April 2005, published by OASIS)
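
The identity provider discovery item above, as an added example that is not part of the OASIS overview: a service provider reading the common domain cookie and only acting on identity providers it already trusts, since anything in the common domain can write that cookie. The cookie name `_saml_idp` and its encoding (space-separated base64 entity IDs, URL-encoded, most recent last) come from the SAML V2.0 profiles specification, not from this page; the entity IDs and the `TRUSTED_IDPS` set are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import quote, unquote

COOKIE_NAME = "_saml_idp"  # name used by the SAML V2.0 discovery profile

# Assumption: entity IDs this SP trusts, normally loaded from federation metadata.
TRUSTED_IDPS = {
    "https://idp.example.org/saml",
    "https://login.example.edu/idp",
}


def parse_common_domain_cookie(raw_value):
    """Return the decoded IdP entity IDs in cookie order (most recent last)."""
    entity_ids = []
    for token in unquote(raw_value).split(" "):
        if not token:
            continue
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # malformed entry: ignore it rather than fail the login flow
        entity_ids.append(decoded)
    return entity_ids


def choose_idp(raw_value, trusted=TRUSTED_IDPS):
    """Pick the most recently used IdP that is also trusted, else None."""
    for entity_id in reversed(parse_common_domain_cookie(raw_value)):
        if entity_id in trusted:
            return entity_id
    return None  # fall back to asking the user which IdP to use


def encode_cookie(entity_ids):
    """Build a cookie value the way an IdP would (used here for sample data)."""
    tokens = (base64.b64encode(e.encode("utf-8")).decode("ascii") for e in entity_ids)
    return quote(" ".join(tokens))


# Constructed sample: a trusted IdP, then an unlisted one, then a garbage token.
SAMPLE_COOKIE = encode_cookie(
    ["https://idp.example.org/saml", "https://unlisted.example.net/idp"]
) + "%20!!not-base64"

if __name__ == "__main__":
    print(parse_common_domain_cookie(SAMPLE_COOKIE))
    print(choose_idp(SAMPLE_COOKIE))
```

The cookie is only a hint for where to send the user; the authentication response is still validated against the chosen identity provider's metadata.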