OASIS Mailing List Archives

saml-dev message



Subject: Re: [saml-dev] SAML 1.1 Technical Overview (11 May 2004)




Alistair Young wrote on 10/12/2004, 4:28 AM:

 >  [detailed discussion about using a user provided identity handle
 >  as a means of "discovering" the location of the SAML Authentication
 >  authority]

Yes, this is a possible means.  Others that I am aware of include:

    a) Common domain cookie (where the two (or more) sites use
       a common domain to store one or more locations of
       SAML authorities that have spoken for a user sitting in
       front of the browser at some point in the past -- not
       necessarily the current user).

    b) Scarab (not sure where the word came from) - where a site
       places one or more icons on the login page indicating that
       the user can select the icon representing their SAML
       authority to use for this authentication.

    c) Search - when there is a very small set of possible
       authorities, you can walk the list using passive requests
       until you have success

    d) Drop down lists - the SP lists all of the possible
       authorities in a drop down list.

I'm sure there are many others and many manifestations of those.

Note that once you have gotten an authentication, you can store the
authority in a local cookie and/or in the URL so that subsequent
access doesn't require the discovery process.

Conor
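
Added example, not part of the message above or of any SAML specification text: a service provider resolving the authority from the locally stored cookie first and then from the common domain cookie, treating both as untrusted hints checked against its configured authorities. The cookie encoding (URL-encoded, space-separated base64 identifiers, most recent last) is an assumption taken from the later SAML 2.0 Identity Provider Discovery Profile; the function names, the allowlist and the sample values are constructed for illustration.

```python
import base64
from urllib.parse import quote, unquote

# Constructed allowlist: authorities this site has a configured trust relationship with.
TRUSTED_AUTHORITIES = {
    "https://idp.example.edu/saml",
    "https://login.example.org/saml",
}


def parse_common_domain_cookie(value):
    """Decode the cookie into authority identifiers, oldest first.

    Assumed encoding (not stated in the message): URL-encoded,
    space-separated entries, each one base64.
    """
    entries = []
    for token in unquote(value or "").split(" "):
        if not token:
            continue
        try:
            entries.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except ValueError:
            continue  # malformed entry: skip it rather than fail the login page
    return entries


def discover_authority(local_cookie, common_domain_cookie, trusted=TRUSTED_AUTHORITIES):
    """Return a trusted authority identifier, or None to fall back to a list or icons."""
    # 1. Authority remembered by this site after an earlier authentication.
    if local_cookie in trusted:
        return local_cookie
    # 2. Common domain cookie: it may describe an earlier user of this browser,
    #    so it is only a hint. Walk it from the most recent entry backwards.
    for candidate in reversed(parse_common_domain_cookie(common_domain_cookie)):
        if candidate in trusted:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed cookie: an unknown authority, then a trusted one (most recent).
    urls = ["https://unknown.example.net/saml", "https://idp.example.edu/saml"]
    sample = quote(" ".join(base64.b64encode(u.encode()).decode() for u in urls))
    print(discover_authority(None, sample))
```

A `None` result means neither cookie named a configured authority, so the site falls back to one of the interactive methods in the list (icons or a drop-down).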



