
saml-dev message



Subject: Re: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?


On 5/9/06, Cahill, Conor P <conor.p.cahill@intel.com> wrote:
>
> > QUESTION: How does the car rental service identify to the
> > airline the person for which authentication information is
> > requested?  All that the car rental service knows is that an
> > HTTP GET was issued to this URL:
>
> The car rental service doesn't need to know this.  Essentially,
> with an AuthnRequest to the IdP, the Car Rental Service is
> saying "Hey, can you tell me my nameid for the user who is
> in control of this browser?"

Of course the problem with this (and nearly all SP-first scenarios) is
IdP discovery.  How does the SP know the principal's preferred IdP? 
Most likely the car rental service has numerous such business
relationships and won't know a priori which one to invoke.  If the
discovery process can be avoided, which seems to be the case here, by
all means do so.

Tom
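
An added example, not part of the original message: one way an SP with several IdP relationships can pick which one to invoke, assuming the common domain cookie (`_saml_idp`) of the SAML 2.0 Identity Provider Discovery Profile is available. The entityIDs and function names are hypothetical. The cookie is browser-supplied, so it is treated only as a hint and checked against the IdPs the SP already trusts.

```python
import base64
from urllib.parse import quote, unquote

# Hypothetical entityIDs of IdPs this SP has a trust relationship with (constructed).
TRUSTED_IDPS = {
    "https://idp.airline.example/saml",
    "https://idp.hotel.example/saml",
}


def encode_saml_idp_cookie(entity_ids):
    """Build a _saml_idp value: base64 URIs, space separated, then URL-encoded."""
    tokens = (base64.b64encode(e.encode("utf-8")).decode("ascii") for e in entity_ids)
    return quote(" ".join(tokens), safe="")


def parse_saml_idp_cookie(raw_value):
    """Decode a _saml_idp value into IdP entityIDs, least recently used first."""
    idps = []
    for token in unquote(raw_value).split(" "):
        if not token:
            continue
        try:
            uri = base64.b64decode(token, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # skip malformed entries instead of failing the login
        idps.append(uri)
    return idps


def choose_idp(raw_cookie, trusted=TRUSTED_IDPS):
    """Return the most recently used IdP that the SP trusts, else None.

    None means the SP has no usable hint and must fall back to asking the
    user (or to a fixed IdP when only one relationship exists).
    """
    if not raw_cookie:
        return None
    # The profile appends the most recently used IdP at the end of the list.
    for entity_id in reversed(parse_saml_idp_cookie(raw_cookie)):
        if entity_id in trusted:  # never redirect to an IdP named only by the cookie
            return entity_id
    return None


if __name__ == "__main__":
    sample = encode_saml_idp_cookie(  # constructed sample cookie value
        ["https://idp.airline.example/saml", "https://idp.unknown.example/saml"])
    print(choose_idp(sample))
```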

