Subject: RE: [security-services] Metadata support for Discovery profile
> For future consideration, despite the apparent Catch-22
> situation, it does appear that such a mechanism could be
> useful. While it is true that an SP would be unable to
> immediately load a particular IDP metadata descriptor before
> actually discovering the IDP, formalizing how the IDP
> advertises the common domains in which it participates could
> enable the SP building a list of potential common domains
> automatically (by collecting common domain URLs from all IDPs
> for which it had metadata descriptors). This compared to
> building such a list in a piecemeal fashion from out-of-band
> communications.

That was my conclusion also after thinking about it. In particular, we (meaning the Shibboleth project) have an approach that groups IdPs into federations using the EntitiesDescriptor element, and could imagine advertising a common domain location in that element to cover all of the IdPs in the group.

Since there are ample extension points in the schema, individual implementations have some room to experiment before this is standardized.

-- Scott