
saml-dev message


Subject: Re: [saml-dev] SAML 1.1 Technical Overview (11 May 2004)



--- Peter C Davis <peter.davis@neustar.biz> wrote:

> Apologies for the vacant reference:
>
> http://www.oasis-open.org/committees/download.php/9461/sstc-saml-metadata-2.0-cd-02.pdf
>
> in the MetaData-2.0 cd.
> DDDS (mentioned within this document) refers to "Dynamic Delegation
> Discovery System" as defined in RFC3401-3405
> (http://www.ietf.org/rfc/rfc3401.txt etc...) which SAML profiles for
> Metadata resolution.
>
> --- peterd
> 
> On Tue, 2004-10-12 at 11:07, Tom Scavo wrote:
> > I'm sorry but what is the DDDS Metadata Resolution profile?  I do not
> > see this in the SAML 2.0 docs...
> > 
> > Thanks,
> > Tom Scavo
> > 
> > 
> > On Tue, 12 Oct 2004 10:05:47 -0400, Peter C Davis
> > <peter.davis@neustar.biz> wrote:
> > > I would add one more, where the input string to the DDDS Metadata
> > > Resolution profile (in this case 1324@uhi.ac.uk) would resolve, via the
> > > DNS, to the SAML Authentication Authority(s).
> > > 
> > > --- peterd
> > > 
> > > 
> > > 
> > > > On Tue, 2004-10-12 at 08:20, Conor P. Cahill wrote:
> > > > Alistair Young wrote on 10/12/2004, 4:28 AM:
> > > >
> > > >  >  [detailed discussion about using a user provided identity handle
> > > >  >  as a means of "discovering" the location of the SAML Authentication
> > > >  >  authority]
> > > >
> > > > Yes, this is a possible means.  Others, that I am aware of include:
> > > >
> > > >     a) Common domain cookie (where the two (or more) sites use
> > > >        a common domain to store one or more locations of
> > > >        SAML authorities that have spoken for a user sitting in
> > > >        front of the browser at some point in the past -- not
> > > >        necessarily the current user).
> > > >
> > > >     b) Scarab (not sure where the word came from) - where a site
> > > >        places one or more icons on the login page indicating that
> > > >        the user can select the icon representing their SAML
> > > >        authority to use for this authentication.
> > > >
> > > >     c) Search - when there is a very small set of possible
> > > >        authorities, you can walk the list using passive requests
> > > >        until you have success
> > > >
> > > >     d) Drop down lists - the SP lists all of the possible
> > > >        authorities in a drop down list.
> > > >
> > > > I'm sure there are many others and many manifestations of those.
> > > >
> > > > Note that once you have gotten an authentication, you can store the
> > > > authority in a local cookie and/or in the URL so that subsequent
> > > > access doesn't require the discovery process.
> > > >
> > > > Conor
> > > >
> > > 
> > >
> 
> 
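
Added example, not part of the original messages: the shortcut in Conor's closing note (remembering the authority in a local cookie and/or the URL so later visits skip discovery), sketched in Python with the remembered value checked against the authorities the SP already trusts before it is used. The parameter name, cookie name and authority URLs are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: authorities this SP already trusts
# (assumption: in a deployment this set comes from the SP's own metadata).
TRUSTED_AUTHORITIES = {
    "https://idp.example.org/saml",
    "https://login.example.edu/saml",
}
HINT_PARAM = "authority"        # hypothetical URL parameter name
HINT_COOKIE = "saml_authority"  # hypothetical local cookie name


def remembered_authority(url, cookie_header):
    """Return (authority, source) for a trusted remembered hint,
    or (None, "discovery") when the SP must run discovery again."""
    candidates = []

    # URL hint: accept only a single, unambiguous value.
    query = parse_qs(urlsplit(url).query)
    if len(query.get(HINT_PARAM, [])) == 1:
        candidates.append((query[HINT_PARAM][0], "url"))

    # Cookie hint: set by the SP after an earlier successful authentication.
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if HINT_COOKIE in cookie:
        candidates.append((cookie[HINT_COOKIE].value, "cookie"))

    for value, source in candidates:
        # Both values arrive from the browser, so they only select among
        # known authorities; they never supply a destination themselves.
        if value in TRUSTED_AUTHORITIES:
            return value, source
    return None, "discovery"


if __name__ == "__main__":
    print(remembered_authority(
        "https://sp.example.com/app?authority=https%3A%2F%2Fidp.example.org%2Fsaml",
        ""))
```
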


