shibboleth-dev - RE: IdP discovery protocol news
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>, <>
- Subject: RE: IdP discovery protocol news
- Date: Tue, 6 Feb 2007 12:20:45 -0500
- Organization: The Ohio State University
> is that not against the SOA movement these days? Having a big blob of an
> SP, with duplicated functionality in each one, all needing updated to keep
> up with profile changes?
So when you change your non-SAML profile, nothing changes? Any software is
"duplicated" across all its installations.
This is the old argument against client software. This is why I laugh at
people that think this community will happily embrace new clients to replace
browsers. It can't even agree to put smarter software on servers.
Of course, if we wanted to support SAML 2.0 by translating everything at a
gateway, we could do that. That isn't this project's goal. I have little
doubt that federations will deploy such gateways. As migration tools they
are attractive. But that's not what happens. They just stay in place
forever. They violate privacy. They add points of failure. Etc.
> Yes the SP will have most of the information but the DS will have some too
> and the decision will be based on rules that could change all the time.
I think you're making the problem much more complex than it is. How many
people have multiple IdPs that all give them access to overlapping services?
Not very many. Heck, we have enough trouble arguing that people have one IdP
at this point.
> A semantic discovery service (SDS) would be an interesting creature.
> Client from 10.192.3.2 wants to access /medicalimages/gore.jpg. hmmm says
> SDS, I know that that IP block has several IdPs and that one of them is in
> the Faculty of Cutting Things Up. Ontological references equate cutting
> things up with medical images. "That's your best bet" it says to the SP.
> SP says, is this your IdP? If yes, SP can communicate back to SDS saying
> "well done" and SDS learns...
Ok, but meanwhile, by the time you get that built, Cardspace is out and
people are no longer using browsers to do discovery...
I think what you're describing here is overkill, basically, and you could
just put a nice little box on the page to enter the IdP and go on to more
interesting topics.
-- Scott
- RE: IdP discovery protocol news, (continued)
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- RE: IdP discovery protocol news, Alistair Young, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- RE: IdP discovery protocol news, Alistair Young, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- RE: IdP discovery protocol news, Alistair Young, 02/06/2007
- Re: IdP discovery protocol news, Chad La Joie, 02/06/2007
- Re: IdP discovery protocol news, Alistair Young, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- RE: IdP discovery protocol news, Alistair Young, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- Re: IdP discovery protocol news, Alistair Young, 02/06/2007
- Re: IdP discovery protocol news, Chad La Joie, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- RE: IdP discovery protocol news, Alistair Young, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- RE: IdP discovery protocol news, Alistair Young, 02/06/2007
- RE: IdP discovery protocol news, Alistair Young, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/06/2007
- Re: IdP discovery protocol news, Spencer W. Thomas, 02/06/2007
- Re: IdP discovery protocol news, Chad La Joie, 02/06/2007
- Re: IdP discovery protocol news, Spencer W. Thomas, 02/06/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/12/2007
- RE: IdP discovery protocol news, Scott Cantor, 02/12/2007
Archive powered by MHonArc 2.6.16.