shibboleth-dev - Re: passive authN
Subject: Shibboleth Developers
List archive
- From: Tom Barton <>
- To:
- Subject: Re: passive authN
- Date: Wed, 02 Nov 2005 15:27:58 -0600
Scott Cantor wrote:
Certainly, but the IdP is not just an application, it's a web authentication
service. If an authentication service isn't a reasonable place to implement
credentials collection...
Collecting credentials is indeed the tripwire for me. The AuthN Req/Resp stuff seems focused on authN metadata and doesn't oblige the IdP to handle actual creds.
Using an external SSO system means that it controls the UI, and that means
the SAML aware portion of the IdP needs to influence the behavior of the SSO
system. That's not something we can design for without any boundaries.
Agreed, so I think a discussion should occur in which that boundary is scouted. It *might* be reasonable to specify a means to enable a conforming SSO to integrate with a SAML2 IdP, or at least a shib 2.0 IdP.
Tom
- Re: passive authN, Chad La Joie, 11/02/2005
- Re: passive authN, Jim Fox, 11/02/2005
- Re: passive authN, Chad La Joie, 11/02/2005
- RE: passive authN, Scott Cantor, 11/02/2005
- Re: passive authN, Tom Barton, 11/02/2005
- RE: passive authN, Scott Cantor, 11/02/2005
- Re: passive authN, Tom Barton, 11/02/2005
- RE: passive authN, Scott Cantor, 11/02/2005
- RE: passive authN, Jim Fox, 11/02/2005
- Re: passive authN, Scott Cantor, 11/02/2005
- RE: passive authN, RL 'Bob' Morgan, 11/03/2005
- Re: passive authN, Tom Scavo, 11/03/2005
- Re: passive authN, RL 'Bob' Morgan, 11/03/2005
- Re: passive authN, Tom Scavo, 11/03/2005
- RE: passive authN, Scott Cantor, 11/03/2005
- Re: passive authN, Tom Scavo, 11/03/2005
- RE: passive authN, Scott Cantor, 11/03/2005
- RE: passive authN, Scott Cantor, 11/02/2005
- Re: passive authN, Tom Barton, 11/02/2005
- RE: passive authN, Scott Cantor, 11/02/2005
- Re: passive authN, Tom Barton, 11/02/2005
- Re: passive authN, Jim Fox, 11/02/2005
Archive powered by MHonArc 2.6.16.