
shibboleth-dev - Re: Discovery Service

Subject: Shibboleth Developers

  • From: Chad La Joie <>
  • To:
  • Subject: Re: Discovery Service
  • Date: Sun, 29 Oct 2006 21:15:51 -0500
  • Organization: OIS - Middleware

Tom Scavo wrote:
> Is this a design for a per-SP discovery service? This seems to be the
> case since the protocol doesn't require the unique identifier of an
> SP. Also, since the return URL is arbitrary, how do you prevent a
> rogue SP from spoofing the user to divulge their preferred IdP?

No, it's not for one SP. It may be maintained in that way or centrally like the current WAYF concept. If you look at Ian's comment on the page you'll see he suggested adding the provider ID (in order to do some advanced filtering, not because it's needed). I imagine we'll okay that on tomorrow's call.

> To integrate with the SessionInitiator at the SP, would it be better
> to call the output parameter 'providerId' instead of 'entityID'? Then
> the return URL could point to a (lazy) SessionInitiator endpoint (or
> maybe I'm misunderstanding the purpose of this new service).

We're standardizing on entity ID throughout the code.

--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124


