Skip to Content.
Sympa Menu

shibboleth-dev - RE: IdP discovery protocol news

Subject: Shibboleth Developers

List archive

RE: IdP discovery protocol news


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: <>, <>
  • Subject: RE: IdP discovery protocol news
  • Date: Tue, 6 Feb 2007 11:20:12 -0500
  • Organization: The Ohio State University

> Can we have support for clearing your selection? For users who have
> multiple IdPs for the same SP and consequently different levels of access
> to resources.

Well, that kind of sounds more like a use case for attribute aggregation
than using a different IdP. Secondly, if the SP knows enough to clear the
cookie that's nice, but the DS won't know enough to get the user to select a
different IdP than he chose to begin with.

That kind of use case is best handled at the SP, not with a centralized
WAYF.

Ian's point about this being deployable at an SP is correct, but it doesn't
mention the fact that if you have that kind of situation, you don't usually
need a standard protocol. You just build your own flow locally.

We will have a code base from Rod that people can easily extend to support
richer exchange if they want to do that, but the protocol itself can stay
simple.

-- Scott





Archive powered by MHonArc 2.6.16.

Top of Page