
shibboleth-dev - Re: Future of the WAYF discussion

Subject: Shibboleth Developers

  • From: "Rod Widdowson" <>
  • To: <>
  • Subject: Re: Future of the WAYF discussion
  • Date: Tue, 27 Sep 2005 19:29:49 +0100

Stephen Carmody said:
rephrasing Spencer's question -- what can we do so that users never/rarely see the WAYF?

Well, the catch-22 situation is that until the user has first interacted with an IdP there is not a great deal you can do. What the Sciencedirect.com WAYF appears to do is to sniff at your IP address and make an educated guess about which IdP you might be interested in and suggest that first. I wouldn't like to be the one to maintain that though.

I guess that the bottom line is that right now, the WAYF is the worst possible way of doing IdP Discovery except for all the others, and you *do* need a way to bootstrap yourself into the situation at which you never see the WAYF again unless you have to.

So in SDSS we are keen to make the WAYF easier to use, invisible where possible, and lower the barrier to entry for people who want to develop their own. We also have to address (sooner rather than later) how to service a world in which multiple SPs are in multiple (often disjoint) Federations.

Chad said:
I think that the multi-federation support being worked on by the SDSS folks needs to be incorporated (I'll leave it to them to describe this, if they want).

So what we've got (towards meeting all the above) right now is:

- Use of the same metadata provider (and infrastructure), as the IdP. This should shrink the war distribution down from 7 Megs to being a handful of classes and a couple of jsps.

- Ability to load multiple metadata providers and sources (configured in wayf.xml in a way similar to the IdP).

- Automatic trimming of which IdPs are displayed (only IdPs which the SP knows about are listed)

- Use of the SAML_IDP cookie to store a list of recently visited IdPs. If one of the recently visited IdPs can service the SP, then the user never sees the WAYF (this is the same mechanism the WAYF uses in 1.3 generalised to using the SAML_IDP cookie and multiple federations).

At this stage if one postulates a SAML_IDP cookie aware SP and possibly a mechanism to manage the SAML_IDP cookie (maybe a browser plugin?) then we should get to a situation when the user only sees the WAYF when they genuinely have to set about discovering a new Identity Service.

/rod
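
The cookie-driven WAYF bypass described in the message above, sketched as an added example (not part of the original post and not SDSS or Shibboleth code). It assumes the cookie layout of the SAML 2.0 Identity Provider Discovery Profile (space-separated base64 entityIDs, most recent last, URL-encoded); the federation data, entityIDs and function names are constructed for illustration.

```python
import base64
from urllib.parse import unquote

# Constructed sample metadata: each federation lists its IdPs and SPs.
FEDERATIONS = {
    "fed-a": {"idps": {"https://idp.uni-a.example/shibboleth",
                       "https://idp.uni-b.example/shibboleth"},
              "sps": {"https://sp.journals.example/shibboleth"}},
    "fed-b": {"idps": {"https://idp.uni-c.example/shibboleth"},
              "sps": {"https://sp.journals.example/shibboleth",
                      "https://sp.wiki.example/shibboleth"}},
}

def idps_for_sp(sp_entity_id, federations=FEDERATIONS):
    """The 'trimmed' list: IdPs from every federation that also lists this SP."""
    allowed = set()
    for fed in federations.values():
        if sp_entity_id in fed["sps"]:
            allowed |= fed["idps"]
    return allowed

def parse_saml_idp_cookie(raw):
    """Decode the cookie into entityIDs, oldest first, skipping bad entries."""
    entity_ids = []
    for token in unquote(raw or "").split():
        try:
            entity_ids.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except ValueError:
            continue  # the cookie is client-controlled: ignore undecodable tokens
    return entity_ids

def choose_idp(raw_cookie, sp_entity_id, federations=FEDERATIONS):
    """Most recently used IdP that loaded metadata says can serve the SP.

    Returns None when no cookie entry qualifies, meaning the WAYF page is shown.
    Entries are only ever matched against metadata, never trusted as redirect
    targets on their own.
    """
    allowed = idps_for_sp(sp_entity_id, federations)
    for entity_id in reversed(parse_saml_idp_cookie(raw_cookie)):
        if entity_id in allowed:
            return entity_id
    return None

def make_cookie(entity_ids):
    """Build a cookie value (before URL-encoding) from entityIDs, oldest first."""
    return " ".join(base64.b64encode(e.encode()).decode() for e in entity_ids)
```

Because the cookie value comes from the browser, the selection only ever returns an entityID that is present in the loaded federation metadata for the requesting SP.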




