RE: [security-services] Question on SP initiated authentication & provisioning first time user

["Scott Cantor" <cantor.2@osu.edu>]

> Provisioning of claims seems to be a natural part of the life-cycle
> between SPs and IDPs. After-all, SPs also generate claims themselves.

Yes, but many IdPs will be unwilling to store them IMHO.
 
> That said, I agree, provisioning probably isn't a big issue right now
> if your use case focuses on SSO and can use bulk provisioning within a
> tight vertical.

I'm still not getting the provisioning problem you're trying to solve,
unless it's identity portability.
 
> I agree, SPML could potentially work fine if agreed on an profiled in
> the context of SAML. Without that, the real issue is too many choices
> and no agreement in advance on standards.

Of course.

> SAML also has a different way of handling identifiers.  Would SPML be
> compatible with SAML use cases?

I would have assumed SPML wasn't crazy enough to try to dictate identifiers.

-- Scott