Shibboleth Developers

["Scott Cantor" <>]

> I get the impression from various folks that this is how MS intend to
> 'solve' Discovery. It doesn't seem particularly joined up with
> WS-Federation 1.1 so I get the feeling that this fell out of Cardspace
> ex post facto...

Cardspace has little connection with WS-Federation. They're different
approaches. Cardspace isn't browser-based, so it doesn't have a discovery
problem per se. It also isn't a SSO approach. Every SP requires that you
select a card to use. It doesn't just automatically use the same one.

So in a sense, my point is that Cardspace, if it succeeds, has a big impact
because it changes the perception of what authentication to web sites has to
look like, even if you still rely on browser-based protocols.

I'm not sure what you mean by "fell out of". Mostly everything they
indicated would be in 1.0 is there.

> Has anyone given Cardspace & discovery any consideration in the SAML
> world?

Lots of people. It isn't very different from the SAML ECP profile, actually.
It is entirely different then the standard browser approach. They're just
totally different things.

> Although in principle a Discovery Service could make use of
> Cardspace, it strikes me that it would end up being Just Another
> Heuristic rather than The Answer.

I hadn't really considered it, but no, it wouldn't be a heuristic. The
client in Cardspace chooses the IdP. There is no guessing.

-- Scott