
saml-dev message



Subject: Re: [saml-dev] SAML 1.1 Technical Overview (11 May 2004)


Apologies for the vacant reference: 

http://www.oasis-open.org/committees/download.php/9461/sstc-saml-metadata-2.0-cd-02.pdf

in the MetaData-2.0 cd.  
DDDS (mentioned within this document) refers to "Dynamic Delegation
Discovery System" as defined in RFC3401-3405
(http://www.ietf.org/rfc/rfc3401.txt etc...) which SAML profiles for
Metadata resolution.

--- peterd

On Tue, 2004-10-12 at 11:07, Tom Scavo wrote:
> I'm sorry but what is the DDDS Metadata Resolution profile?  I do not
> see this in the SAML 2.0 docs...
> 
> Thanks,
> Tom Scavo
> 
> 
> On Tue, 12 Oct 2004 10:05:47 -0400, Peter C Davis
> <peter.davis@neustar.biz> wrote:
> > I would add one more, where the input string to the DDDS Metadata
> > Resolution profile (in this case 1324@uhi.ac.uk) would resolve, via the
> > DNS, to the SAML Authentication Authority(s).
> > 
> > --- peterd
> > 
> > 
> > 
> > On Tue, 2004-10-12 at 08:20, Conor P. Cahill wrote:
> > > Alistair Young wrote on 10/12/2004, 4:28 AM:
> > >
> > >  >  [detailed discussion about using a user provided identity handle
> > >  >  as a means of "discovering" the location of the SAML Authentication
> > >  >  authority]
> > >
> > > Yes, this is a possible means.  Others, that I am aware of include:
> > >
> > >     a) Common domain cookie (where the two (or more) sites use
> > >        a common domain to store one or more locations of
> > >        SAML authorities that have spoken for a user sitting in
> > >        front of the browser at some point in the past -- not
> > >        necessarily the current user).
> > >
> > >     b) Scarab (not sure where the word came from) - where a site
> > >        places one or more icons on the login page indicating that
> > >        the user can select the icon representing their SAML
> > >        authority to use for this authentication.
> > >
> > >     c) Search - when there is a very small set of possible
> > >        authorities, you can walk the list using passive requests
> > >        until you have success
> > >
> > >     d) Drop down lists - the SP lists all of the possible
> > >        authorities in a drop down list.
> > >
> > > I'm sure there are many others and many manifestations of those.
> > >
> > > Note that once you have gotten an authentication, you can store the
> > > authority in a local cookie and/or in the URL so that subsequent
> > > access doesn't require the discovery process.
> > >
> > > Conor
> > >
> > 
> >


