[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] returning multiple IdP entityIDs to the SP
Thanks for answering my previous questions, Scott. I should probably let this go but perhaps there's some value (to me, at least) if we dig a little deeper. On Fri, Aug 17, 2012 at 8:42 PM, Cantor, Scott <cantor.2@osu.edu> wrote: > > And, that's what a discovery service *is*. I assume you mean a discovery service is precisely the default behavior you've specified in the profile (urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol:single). Is that what you meant? If so, then let me ask: Suppose there were a 3rd party service that returned a list of the user's IdPs (i.e., the value of the "_saml_idp" cookie as defined in SAML2Prof). Would you call that a "discovery service"? > If an SP wants to do discovery > itself, it doesn't need this profile to do it. That statement is a little strong, I think. An SP that wants to do discovery itself can still benefit from a 3rd party service that knows about the user's global behavior. In that case, your profile could be used passively to obtain this information, which presumably would be used to optimize the UI at the SP. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]