Re: [saml-dev] SAML 1.1 Technical Overview (11 May 2004)

[Tom Scavo <trscavo@gmail.com>]

I'm sorry but what is the DDDS Metadata Resolution profile?  I do not
see this in the SAML 2.0 docs...

Thanks,
Tom Scavo


On Tue, 12 Oct 2004 10:05:47 -0400, Peter C Davis
<peter.davis@neustar.biz> wrote:
> I would add one more, where the input string to the DDDS Metadata
> Resolution profile (in this case 1324@uhi.ac.uk) would resolve, via the
> DNS, to the SAML Authentication Authority(s).
> 
> --- peterd
> 
> 
> 
> On Tue, 2004-10-12 at 08:20, Conor P. Cahill wrote:
> > Alistair Young wrote on 10/12/2004, 4:28 AM:
> >
> >  >  [detailed discussion about using a user provided identity handle
> >  >  as a means of "discovering" the location of the SAML Authentication
> >  >  authority]
> >
> > Yes, this is a possible means.  Others, that I am aware of include:
> >
> >     a) Common domain cookie (where the two (or more) sites use
> >        a common domain to store one or more locations of
> >        SAML authorities that have spoken for a user sitting in
> >        front of the browser at some point in the past -- not
> >        necessarily the current user).
> >
> >     b) Scarab (not sure where the word came from) - where a site
> >        places one or more icons on the login page indicating that
> >        the user can select the icon representing their SAML
> >        authority to use for this authentication.
> >
> >     c) Search - when there is a very small set of possible
> >        authorities, you can walk the list using passive requests
> >        until you have success
> >
> >     d) Drop down lists - the SP lists all of the possible
> >        authorities in a drop down list.
> >
> > I'm sure there are many others and many manifistations of those.
> >
> > Note that once you have gotten an authentication, you can store the
> > authority in a local cookie and/or in the URL so that subsequent
> > access doesn't require the discovery process.
> >
> > Conor
> >
> 
>