[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] SAML 1.1 Technical Overview (11 May 2004)
--- Tom Scavo <trscavo@gmail.com> wrote: > I'm sorry but what is the DDDS Metadata Resolution > profile? I do not > see this in the SAML 2.0 docs... > > Thanks, > Tom Scavo > > > On Tue, 12 Oct 2004 10:05:47 -0400, Peter C Davis > <peter.davis@neustar.biz> wrote: > > I would add one more, where the input string to > the DDDS Metadata > > Resolution profile (in this case 1324@uhi.ac.uk) > would resolve, via the > > DNS, to the SAML Authentication Authority(s). > > > > --- peterd > > > > > > > > On Tue, 2004-10-12 at 08:20, Conor P. Cahill > wrote: > > > Alistair Young wrote on 10/12/2004, 4:28 AM: > > > > > > > [detailed discussion about using a user > provided identity handle > > > > as a means of "discovering" the location of > the SAML Authentication > > > > authority] > > > > > > Yes, this is a possible means. Others, that I > am aware of include: > > > > > > a) Common domain cookie (where the two (or > more) sites use > > > a common domain to store one or more > locations of > > > SAML authorities that have spoken for a > user sitting in > > > front of the browser at some point in the > past -- not > > > necessarily the current user). > > > > > > b) Scarab (not sure where the word came > from) - where a site > > > places one or more icons on the login > page indicating that > > > the user can select the icon representing > their SAML > > > authority to use for this authentication. > > > > > > c) Search - when there is a very small set > of possible > > > authorities, you can walk the list using > passive requests > > > until you have success > > > > > > d) Drop down lists - the SP lists all of the > possible > > > authorities in a drop down list. > > > > > > I'm sure there are many others and many > manifistations of those. > > > > > > Note that once you have gotten an > authentication, you can store the > > > authority in a local cookie and/or in the URL so > that subsequent > > > access doesn't require the discovery process. > > > > > > Conor > > > > > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]