OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] Distributed IDP model


> Yes, but SAML doesn't stop the implementation of IdP & CIA as
> two independent IdPs where the interfaces exposed and feature
> set supported between IdP and CIA may be different (less feature
> rich) than the interfaces between the CIA and the relying parties
> while still being SAML compliant.  And that is the direction that
> I think they should be moving in.

The problem with adding a third entity (whatever you call it) is that that's
not how the SSO profile is defined. So it's a new profile, which is fine,
but that wasn't quite the thrust of the original question.

> I was speaking to there being two logical parties, not in the
> split-up of the internal implementation of an IdP.

Right, thus SP + "two other entities", which could be SSO via proxying (but
this appears to not be that) or something new.

And I haven't figured out what that something new would be or why I'd want
it.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]