OASIS Mailing List Archives

security-services message



Subject: new work - saml metadata extensions for trust information


Folks,

Some of you may have heard of the Seamless Access project (seamlessaccess.org). The
aim is to build a discovery service for (currently) SAML 2.0. Most of the interested
parties are related to the research and education federation space (e.g. InCommon in
the US, GEANT in the EU etc.).

One of the issues facing discovery in large-scale federations is how to handle
differentiated login requirements - for instance in some of the interfederations
where InCommon is a member (based on metadata exchange) there are SPs that require
a particular assurance certification for login. Assurance certification is signaled
in metadata but the information that the SP has this requirement is not signaled
anywhere.

I am working on a proposal to signal (primarily with discovery UX in mind) information
about the set of trusted IdPs of an SP. The proposal is by no means fully baked but
I am reaching out to the SSTC early to gauge interest. Would such a thing be
interesting to consider for the SSTC?

	Cheers Leif

