Shibboleth Developers

["Josh Howlett" <>]

> > ...which I believe 
> > necessitates a new Web SSO profile that incorporates discovery 
> > explicitly. I have some rough ideas as to how Kerberos might be 
> > used to realise this.
> > 
> > for the vanila-browser case?
> 
> Perhaps.

In case anyone is interested, I have sketched out some ideas in a
document. It does support the vanilla-browser case (by which I mean most
browsers released in the last 2 or 3 years on Windows, Mac, Linux). Feel
free to mail me if you are interested in seeing it. Here's the
introduction:

"This document defines two profiles by which a relying party can
discover which identity provider a principal is using. In deployments
having more than one identity provider, relying parties need a means to
discover which identity provider a principal uses. The Kerberos
Discovery Profiles rely on a Kerberos realm asserted by the principal's
client.

The first profile is intended to be used by a relying party, such as a
Discovery Service, that interacts with the principal using an HTTP user
agent.

The second profile is intended to be used by a relying party that
interacts with client applications other than HTTP user agents. This
profile can therefore be used to federate applications other than web
services or applications."

josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG