OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Untrusted Service Provider Profile

> The OpenID model is thought to be flawed, as shown in this blog entry:

That flaw is orthogonal to the question of trusted SPs, and affects SAML
(browser SSO) just as much as OpenID.

> So I guess it depends on how you propose to do IdP Discovery.  How
> does the untrusted SP know the principal's preferred IdP?

Again, seems entirely orthogonal. Discovery is equally hopeless in all
browser based approaches and the simple OpenID mechanism of just telling it
the damn IdP seems a heck of a lot simpler than most of the SAML kluges,
including the one I submitted sadly.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]