OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups - saml2-lecp.pdf uploaded





Well not all of us are involved in Liberty. I guess the tile of the
document gave me this impression, as its "metadata" so I guess what you are
proposing is not generalized metadata but just a Liberty version of
metatda, and will repeat its not very useful in its narrow scope.

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


|---------+---------------------------->
|         |           Scott Cantor     |
|         |           <cantor.2@osu.edu|
|         |           >                |
|         |                            |
|         |           10/16/2003 10:52 |
|         |           AM               |
|---------+---------------------------->
  >------------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                                |
  |       To:       Anthony Nadalin/Austin/IBM@IBMUS, security-services@lists.oasis-open.org                                                       |
  |       cc:                                                                                                                                      |
  |       Subject:  RE: [security-services] Groups - saml2-lecp.pdf uploaded                                                                       |
  >------------------------------------------------------------------------------------------------------------------------------------------------|




> > The other major, generic problem LECP solves is how to find an IDP for
> > a
> specific end user.... In enterprise you can assume things, in
> internet, in general, not. LECP will know  the IDPs for an end user.
>
> I thought that's why the metadata discovery protocol was
> being submitted, are both methods really needed ?

Metadata (and its discovery) has zero to do with discovering a principal's
IDP. I'm not sure what gave you that impression, but it's incorrect.

Once you know (or the user selects, or whatever) the principal's provider,
metadata discovery is how you know how to make use of it.

E.g. The SP has a list of trusted identity providers with their unique ID
and a readable name. The principal clicks on the one they use, and the SP
then uses the unique ID to obtain the metadata. This is a case where the
well known location approach can be used, with the ID itself being a URL to
the metadata.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]