saml-dev message



Subject: Re: [saml-dev] IdP DS Protocol and Profile


On Thu, Sep 30, 2010 at 2:45 PM, Chad La Joie <lajoie@itumi.biz> wrote:
> You don't need a policy for that.  The DS request contains the entity
> ID of the SP and the DS has metadata so it can look up the metadata
> for the SP and filter the IdPs based on that if it really cares.

Yes, that was Lukas' conclusion as well.

> Most SPs though would give a much better user experience if they owned
> the DS and then only listed IdPs with which it was willing to work
> (i.e. its "customers").

Of course, but we're rolling out a DS instance at the federation level
that could leverage the software's ability to filter IdPs based on
protocol support at the SP. As it turns out, nearly half of the
entities in the federation support a single protocol only.

Tom

> On Thu, Sep 30, 2010 at 21:37, Tom Scavo <trscavo@gmail.com> wrote:
>> On Thu, Sep 30, 2010 at 11:57 AM, Scott Cantor <cantor.2@osu.edu> wrote:
>>> BTW, the DS protocol is SSO protocol agnostic. Using it doesn't imply any
>>> particular SAML version (or SAML at all) between the SP and the selected
>>> IdP. That was one of the possible extensions that might involve the policy
>>> parameter, some way to filter the result by supported protocol, but the
>>> basic protocol ignores that use case.
>>
>> You read my mind! The idea was that an SP could give the DS a hint as
>> to what protocols it supported. I spoke with Lukas Hämmerle
>> (maintainer of the SWITCH DS) about this but he's inclined to parse
>> the metadata just-in-time (which makes sense actually).
>>
>> Tom
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
>> For additional commands, e-mail: saml-dev-help@lists.oasis-open.org
>>
>>
>
>
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
>
>
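
The just-in-time metadata lookup discussed in this thread, as an added example that is not part of the original messages and is not the SWITCH DS code: the DS takes the SP's entity ID from the request, reads that SP's protocolSupportEnumeration from metadata, and lists only IdPs that share a protocol. The function names, entity IDs and sample metadata are constructed for illustration, and the metadata is assumed to have been signature-verified before parsing.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML11 = "urn:oasis:names:tc:SAML:1.1:protocol"

# Constructed federation metadata (hypothetical entity IDs): one SP that
# speaks SAML 2.0 only, and three IdPs with differing protocol support.
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="{SAML2}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{SAML2}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{SAML11}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-c.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="{SAML11} {SAML2}"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def _protocols(entity, role):
    """Union of protocolSupportEnumeration URIs over all descriptors of one role."""
    found = set()
    for desc in entity.findall(f"{{{MD}}}{role}"):
        found.update(desc.get("protocolSupportEnumeration", "").split())
    return found


def idps_for_sp(metadata_xml, sp_entity_id):
    """Return entityIDs of IdPs sharing at least one protocol with the SP."""
    root = ET.fromstring(metadata_xml)
    entities = list(root.iter(f"{{{MD}}}EntityDescriptor"))
    sp = next((e for e in entities if e.get("entityID") == sp_entity_id), None)
    sp_protocols = _protocols(sp, "SPSSODescriptor") if sp is not None else set()
    if not sp_protocols:
        # Unknown entity ID, or an entity with no SP role: list nothing
        # rather than falling back to the full, unfiltered IdP list.
        return []
    return [e.get("entityID") for e in entities
            if _protocols(e, "IDPSSODescriptor") & sp_protocols]
```
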

