OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [saml-dev] SAML 1.1 Technical Overview (11 May 2004)



--- Tom Scavo <trscavo@gmail.com> wrote:

> I'm sorry but what is the DDDS Metadata Resolution
> profile?  I do not
> see this in the SAML 2.0 docs...
> 
> Thanks,
> Tom Scavo
> 
> 
> On Tue, 12 Oct 2004 10:05:47 -0400, Peter C Davis
> <peter.davis@neustar.biz> wrote:
> > I would add one more, where the input string to
> the DDDS Metadata
> > Resolution profile (in this case 1324@uhi.ac.uk)
> would resolve, via the
> > DNS, to the SAML Authentication Authority(s).
> > 
> > --- peterd
> > 
> > 
> > 
> > On Tue, 2004-10-12 at 08:20, Conor P. Cahill
> wrote:
> > > Alistair Young wrote on 10/12/2004, 4:28 AM:
> > >
> > >  >  [detailed discussion about using a user
> provided identity handle
> > >  >  as a means of "discovering" the location of
> the SAML Authentication
> > >  >  authority]
> > >
> > > Yes, this is a possible means.  Others, that I
> am aware of include:
> > >
> > >     a) Common domain cookie (where the two (or
> more) sites use
> > >        a common domain to store one or more
> locations of
> > >        SAML authorities that have spoken for a
> user sitting in
> > >        front of the browser at some point in the
> past -- not
> > >        necessarily the current user).
> > >
> > >     b) Scarab (not sure where the word came
> from) - where a site
> > >        places one or more icons on the login
> page indicating that
> > >        the user can select the icon representing
> their SAML
> > >        authority to use for this authentication.
> > >
> > >     c) Search - when there is a very small set
> of possible
> > >        authorities, you can walk the list using
> passive requests
> > >        until you have success
> > >
> > >     d) Drop down lists - the SP lists all of the
> possible
> > >        authorities in a drop down list.
> > >
> > > I'm sure there are many others and many
> manifistations of those.
> > >
> > > Note that once you have gotten an
> authentication, you can store the
> > > authority in a local cookie and/or in the URL so
> that subsequent
> > > access doesn't require the discovery process.
> > >
> > > Conor
> > >
> > 
> >
> 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]