OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] I have created a sample SSO scenario; Am I understanding correctly how SAML is to be used?


> Of course the problem with this (and nearly all SP-first 
> scenarios) is IdP discovery.  How does the SP know the 
> principal's preferred IdP? 

That's an issue whether or not one knows who the user is.  But of
course, there are many different solutions to discovery and it 
probably has the largest impact on the first access to the SP.

> Most likely the car rental service has numerous such business 
> relationships and won't know apriori which one to invoke.  If 
> the discovery process can be avoided, which seems to be the 
> case here, by all means do so.

I think that in this situation it will be an even split between
the plus's and minus's (or should that be mini :-)).  if the 
car rental company is only worried about people coming from the
airlines, then it won't matter to them and unsolicited authn response
is fine.  However, if they want to encourage direct access, even
for users who use the airline as an IdP, the would probably want
to support the full authnrequest model.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]