Re: [saml-dev] SAML 1.1 Technical Overview (11 May 2004)

[Peter C Davis <peter.davis@neustar.biz>]

I would add one more, where the input string to the DDDS Metadata
Resolution profile (in this case 1324@uhi.ac.uk) would resolve, via the
DNS, to the SAML Authentication Authority(s).

--- peterd

On Tue, 2004-10-12 at 08:20, Conor P. Cahill wrote:
> Alistair Young wrote on 10/12/2004, 4:28 AM:
> 
>  >  [detailed discussion about using a user provided identity handle
>  >  as a means of "discovering" the location of the SAML Authentication
>  >  authority]
> 
> Yes, this is a possible means.  Others, that I am aware of include:
> 
>     a) Common domain cookie (where the two (or more) sites use
>        a common domain to store one or more locations of
>        SAML authorities that have spoken for a user sitting in
>        front of the browser at some point in the past -- not
>        necessarily the current user).
> 
>     b) Scarab (not sure where the word came from) - where a site
>        places one or more icons on the login page indicating that
>        the user can select the icon representing their SAML
>        authority to use for this authentication.
> 
>     c) Search - when there is a very small set of possible
>        authorities, you can walk the list using passive requests
>        until you have success
> 
>     d) Drop down lists - the SP lists all of the possible
>        authorities in a drop down list.
> 
> I'm sure there are many others and many manifistations of those.
> 
> Note that once you have gotten an authentication, you can store the
> authority in a local cookie and/or in the URL so that subsequent
> access doesn't require the discovery process.
> 
> Conor
>