Shibboleth Developers

["Scott Cantor" <>]

> That was my point; which is why I find the suggestion that Cardspace
> could be used for Web SSO discovery all the more surprising. To me it
> looks a somewhat specious (if that's not too unfair) way of promoting
> Cardspace.

I don't think I suggested anything like that...I'm saying that Web SSO alone
is in the beginning of its decline. It isn't the long term answer. There is
no discovery problem in the newer approaches, though of course there is also
no SSO, really.

If you accept that model, you can easily accept the idea that you may as
well just do the discovery UI at the SP because the lack of totally seamless
SSO is simply an accepted consequence of the federated model and the issues
around phishing.

> > I hadn't really considered it, but no, it wouldn't be a heuristic. The
> > client in Cardspace chooses the IdP. There is no guessing.
> 
> The Discovery Service would not be required to observe what's asserted
> in the submitted token.

I don't really know exactly what you're thinking of, but any marriage I
could imagine between the two worlds is more of a proxy SSO model, not
discovery.

-- Scott