
saml-dev message


Subject: Re: [saml-dev] IdP DS Protocol and Profile

You don't need a policy for that.  The DS request contains the entity
ID of the SP and the DS has metadata so it can look up the metadata
for the SP and filter the IdPs based on that if it really cares.

Most SPs though would give a much better user experience if they owned
the DS and then only listed IdPs with which it was willing to work
(i.e. its "customers").

On Thu, Sep 30, 2010 at 21:37, Tom Scavo <trscavo@gmail.com> wrote:
> On Thu, Sep 30, 2010 at 11:57 AM, Scott Cantor <cantor.2@osu.edu> wrote:
>> BTW, the DS protocol is SSO protocol agnostic. Using it doesn't imply any
>> particular SAML version (or SAML at all) between the SP and the selected
>> IdP. That was one of the possible extensions that might involve the policy
>> parameter, some way to filter the result by supported protocol, but the
>> basic protocol ignores that use case.
> You read my mind! The idea was that an SP could give the DS a hint as
> to what protocols it supported. I spoke with Lukas Hämmerle
> (maintainer of the SWITCH DS) about this but he's inclined to parse
> the metadata just-in-time (which makes sense actually).
> Tom

Chad La Joie
trusted identities, delivered
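
The lookup described in this message, as an added example that is not part of the original thread or of any DS implementation: the DS takes the SP's entity ID from the request, finds that SP in metadata, and lists only IdPs that share a protocol with it. The function names and the sample metadata (entity IDs included) are constructed for illustration, and the metadata is assumed to have been fetched and signature-verified already.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata aggregate (entity IDs are hypothetical).
METADATA = """\
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp-a.example.edu/idp">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp-b.example.edu/idp">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>
"""

def _protocols(entity, role):
    """Union of protocolSupportEnumeration URIs over an entity's role descriptors."""
    found = set()
    for desc in entity.findall(f"{{{MD}}}{role}"):
        found.update(desc.get("protocolSupportEnumeration", "").split())
    return found

def idps_for_sp(metadata_xml, sp_entity_id):
    """Return entity IDs of IdPs sharing at least one protocol with the SP.

    Raises LookupError when the entityID from the DS request has no SP role
    in metadata, so an unknown requester gets no IdP list at all.
    """
    root = ET.fromstring(metadata_xml)
    entities = {e.get("entityID"): e for e in root.iter(f"{{{MD}}}EntityDescriptor")}
    sp = entities.get(sp_entity_id)
    sp_protocols = _protocols(sp, "SPSSODescriptor") if sp is not None else set()
    if not sp_protocols:
        raise LookupError(f"no SP role in metadata for {sp_entity_id!r}")
    return sorted(
        eid for eid, e in entities.items()
        if _protocols(e, "IDPSSODescriptor") & sp_protocols
    )

if __name__ == "__main__":
    print(idps_for_sp(METADATA, "https://sp.example.org/shibboleth"))
```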
