Skip to Content.
Sympa Menu

shibboleth-dev - Re: IdP discovery protocol news

Subject: Shibboleth Developers

List archive

Re: IdP discovery protocol news


Chronological Thread 
  • From: Chad La Joie <>
  • To:
  • Subject: Re: IdP discovery protocol news
  • Date: Tue, 06 Feb 2007 12:03:13 -0500
  • Organization: OIS - Middleware
The discovery service is a web service. It is a service accessible via HTTP that takes in input and provides you output based on it's business processes. This is perfectly reasonable as an SOA component.

Maybe you mean you want it to be a SOAP service?

Alistair Young wrote:
And I think people should just stop trying to offload discovery and do it
in
the application where the decision can be made with the most information.
is that not against the SOA movement these days? Having a big blob of an
SP, with duplicated functionality in each one, all needing updated to keep
up with profile changes?

Yes the SP will have most of the information but the DS will have some too
and the decision will be based on rules that could change all the time.

The discovery service as a service that, given enough information, could
make a decision on a likely source of identity. e.g. the simplest piece of
information could be the IP address that the original request came from.
That would have to be metadata lookup. I wouldn't want an SP to have that
sort of metadata, to be updated across all SPs. Rather have it in the
discovery "service". A "web service". An authenticated, authorised web
service. A brick in the eFramework. It wouldn't need a ui if the SP does
this next:

If nothing came back from the service then the SP just spews out it's
metadata for IdPs and says "ok, find it yourself".

I think the "find it yourself" bit is what you say SPs should do
themselves but cutting down on the options based on info a user can
produce at the time (IP, perhaps resource uri etc.)

A semantic discovery service (SDS) would be an interesting creature.
Client from 10.192.3.2 wants to access /medicalimages/gore.jpg. hmmm says
SDS, I know that that IP block has several IdPs and that one of them is in
the Faculty of Cutting Things Up. Ontological references equate cutting
things up with medical images. "That's your best bet" it says to the SP.
SP says, is this your IdP? If yes, SP can communicate back to SDS saying
"well done" and SDS learns...

Alistair



--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124

Archive powered by MHonArc 2.6.16.

Top of Page