to compare the two might be worth a devcentral article. However, I will keep it short.
Device ID is an ASM / AdvWAF feature. The BIG-IP uses JavaScript to create a device ID from client. The JavaScript tries to obtain various signals from the client to retrieve attributes like the browser type and version, installed updates, installed fonts, and others. The BIG-IP stores the device ID in the TSPD101 cookie.
This information can be used for example with brute force attack prevention or web scraping protection.
Device ID+ is from Shape and uses more advanced methods for signal collection. The data is processed by Shape using AI and ML, the Shape API is called during the process of creating the cookie.
This will create a different kind of cookie, a Device ID+ cookie which contains the following values.
diA is known as the “residue-based identifier”. It is the main identifier used directly after the username in our example. This value is stored locally on the device and may be deleted if the user clears their local storage or cookies.
diB is known as the “attribute-based identifier”. This value will remain the same even when the user clears local storage. Keep in mind, it can change if the user upgrades their browser version as it is based on environment signals that remain consistent across browser versions.
This is just really brief technical comparison. Use cases, deployment scenarios - all this is explained in more detail in this two links:
