Shibboleth Developers

["Scott Cantor" <>]

> > What is 2.0 CDC? Could you please post a link to it?
> > If there is a standard coming up, we would surely like to adopt it.
>
> I think Scott is referring to the "common domain cookie" from the SAML
> 2.0 IdP Discovery Profile (in the SAML2 profiles doc).

Yes, but it's not a standard for what you're trying to propose, Thomas. The
CDC is a model where the IdP and SP use a shared domain, and the IdP sets
the cookie after login and the SP fetches the value if it needs to know
where to send the user. It's a different approach.

My reasoning for having all WAYF-like things copy the cookie format is so
that all the cookies that are serving the same basic role will be the same
and might be manageable from the client end.

-- Scott