Shibboleth Developers

["Josh Howlett" <>]

> > I get the impression from various folks that this is how MS 
> intend to
> > 'solve' Discovery. It doesn't seem particularly joined up with
> > WS-Federation 1.1 so I get the feeling that this fell out 
> of Cardspace
> > ex post facto...
> 
> Cardspace has little connection with WS-Federation. They're different
> approaches. Cardspace isn't browser-based, so it doesn't have 
> a discovery
> problem per se. It also isn't a SSO approach. Every SP 
> requires that you
> select a card to use. It doesn't just automatically use the same one.

That was my point; which is why I find the suggestion that Cardspace
could be used for Web SSO discovery all the more surprising. To me it
looks a somewhat specious (if that's not too unfair) way of promoting
Cardspace.

> > Although in principle a Discovery Service could make use of
> > Cardspace, it strikes me that it would end up being Just Another
> > Heuristic rather than The Answer.
> 
> I hadn't really considered it, but no, it wouldn't be a heuristic. The
> client in Cardspace chooses the IdP. There is no guessing.

The Discovery Service would not be required to observe what's asserted
in the submitted token.

Best regards, josh.