saml-dev message

Subject: RE: [saml-dev] Questions related to ECP profile

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Hareendran M. - CTD, Chennai.'" <hareem@ctd.hcltech.com>, <saml-dev@lists.oasis-open.org>
Date: Fri, 15 Jul 2005 13:27:28 -0400

> 1. Can I have a real world usage of this ECP profile? (All 
> the docs I havegone through for this profile are explaining the
interaction 
> only from ECP, not from User-Agent)

An ECP is a user-agent. It may be a server-side proxy or it may be a real
device. The real-world usage is to adapt existing HTTP-based services to a
richer SSO interaction in which the client knows the IdP, thus solving the
problem of IdP discovery. It would be quite fascinating to see an extension
turn Firefox into an EC, IMHO.

> 2. Reference: saml-profiles-2.0-os Page:29 Line: 976: SOAP Auth Request
have
> a IDPList Block. In ECP profile, it is said that the appropriate IDP
> selection is happening at ECP not at SP. Then how the SP can have this
list?

It's a list of the acceptable IdPs. That's a judgement only the SP can make.

> Do ECP need to select IDP from the list given by SP? Or Can ECP selects an
> IDP that is not in the list? 

Not really, no. Would be pointless.

-- Scott