OASIS Mailing List Archives

security-services-comment message

Subject: Public Comment

Comment from: sean@smo.uhi.ac.uk

This comment is based upon sstc-saml-profiles-2.0-cd-02.pdf, which deals specifically with the proposed SAML profiles specification.

Section 4.3 (lines 1048-1100) of this draft specification deals with the Identity Provider Discovery Profile [IPDP]. I represent a project working towards enabling inter-institutional authorization and authentication for education; our project recommends that another profile be included in the IPDP, a profile by which the principal brings their IDP with them, e.g. user@org.com, thereby indicating that there will be an IDP listening on www.org.com/SSO.

This second profile would allow several additional use cases. These include cases where cookies are disabled in the browser. It allows for greater flexibility, without depending on the browser to switch domains. It would provide for less complex implementations where small deploying groups only have a small number of interacting principals and IDPs, including point-to-point SAML transactions.
