shibboleth-dev - Re: IdP discovery protocol news

Subject: Shibboleth Developers

List archive

Re: IdP discovery protocol news

From: Ian Young <>
To:
Subject: Re: IdP discovery protocol news
Date: Sun, 04 Feb 2007 17:49:32 +0000
Openpgp: id=EA2882BB

Scott Cantor wrote:

> I prepared an OASIS draft from Rod's initial document and uploaded it as
> shown:
> http://www.oasis-open.org/archives/security-services/200701/msg00037.html

[...]

> If there's feedback from anybody else on this, please submit it here or to
> the SSTC public comment site.

Only two comments from me at this stage:

1. If you're adding expository text for the next draft anyway, it might
make sense to draw more of a picture in 2.2.3 about what happens if the
discovery service can not determine an identity provider.

2. In 2.3, "In the case that the return parameter includes a query
string, the discovery service MAY ignore it for the purposes of this
comparison". Is there a reason why this is permissive? I'd have
thought that would cause interoperability problems if the SP and the DS
didn't agree on the handling of the query string.

-- Ian

Re: IdP discovery protocol news, Ian Young, 02/04/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/04/2007
  - Re: IdP discovery protocol news, Ian Young, 02/04/2007
- <Possible follow-up(s)>
- Re: IdP discovery protocol news, Alistair Young, 02/06/2007
  - Re: IdP discovery protocol news, Ian Young, 02/06/2007
    - Re: IdP discovery protocol news, Alistair Young, 02/06/2007
      - RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
        
        RE: IdP discovery protocol news, Alistair Young, 02/06/2007
        
        RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
  - RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
    - RE: IdP discovery protocol news, Alistair Young, 02/06/2007

List archive

Re: IdP discovery protocol news