security-services message

Subject: RE: [security-services] question on IdP Discovery - SAML IOP event

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'Kyle Meadors'" <kyle@drummondgroup.com>, <security-services@lists.oasis-open.org>
Date: Thu, 23 Jul 2009 23:33:07 -0400

Kyle Meadors wrote on 2009-07-23:
> Basically needing the common domain to establish their local SSO session.
> Some others in the test group feel this is not normative and no one else
> needs this domain change for IdP Discovery. Would this be permissible or
> unnecessary? Thanks.

Seems counter to the point of the common domain to me, but I'm no expert on
that method. It's certainly not assumed by the profile, but it's not obvious
to me that it's precluded either.

Since the whole idea is that the DNS entries point to systems controlled by
the federation endpoints, seems like it's pretty open to interpretation how
much of the software has to be hosted at those endpoints.

-- Scott

Follow-Ups:
- Re: [security-services] question on IdP Discovery - SAML IOP event
  - From: Peter Davis <peter.davis@neustar.biz>

References:
- question on IdP Discovery - SAML IOP event
  - From: "Kyle Meadors" <kyle@drummondgroup.com>