OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Metadata support for Discovery profile

> For future consideration, despite the apparent Catch-22 
> situation, it does appear that such a mechanism could be 
> useful. While it is true that an SP would be unable to 
> immediately load a particular IDP metadata descriptor before 
> actually discovering the IDP, formalizing how the IDP 
> advertises the common domains in which it participates could 
> enable the SP building a list of potential common domains 
> automatically (by collecting common domain URLs from all IDPs 
> for which it had metadata descriptors). This compared to 
> building such a list in a piecemeal fashion from out-of-band 
> communications.

That was my conclusion also after thinking about it. In particular, we
(meaning the Shibboleth project) have an approach that groups IdPs into
federations using the EntitiesDescriptor element, and could imagine
advertising a common domain location in that element to cover all of the
IdPs in the group.

Since there are ample extension points in the schema, individual
implementations have some room to experiment before this is standardized.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]