Shibboleth Developers

["Scott Cantor" <>]

> You recommend the DS should make the decisions, not the SP.

Well, no, you do. I think there's no need for a DS at all, I'm simply saying
that from the user's point of view, the issue is more about what server
they're talking to. If you make the DS a SOAP service, it's the SP that's
interacting with the user, not the DS, so in that sense discovery has been
"addressed" at the SP.

This WAYF-style discovery proposal really has nothing to do with the kind of
model you want. It's a way to patch around the broken use of WAYFs that is
so prevalent today and do less harm to the capabilities of the SP softare
while they remain in use. That's all it's really for.

It doesn't preclude you from doing something you think is better and the
software won't care. I would hope that that's satisfactory enough.

> Though in an ideal world the SP should provide a box for the hapless user
to
> type what they think is their IdP URL.

Yeah, you know, the way that OpenID thing works? That thing that's
supposedly more suitable than SAML for wide-scale Internet use with billions
of hapless users?

Somebody's wrong. I'm not saying it's you, but somebody is.

-- Scott