
shibboleth-dev - Dynamic Federation

Subject: Shibboleth Developers

  • From: "Tom Scavo" <>
  • To: "Shibboleth Development" <>
  • Subject: Dynamic Federation
  • Date: Sat, 1 Dec 2007 14:50:09 -0500

Ping Identity recently introduced the term "Dynamic Federation" and
has finally provided some details describing what they mean by this
term:

http://www.andredurand.com/2007/11/12.html#a761

Does Shib 2.0 provide similar metadata capabilities?

I find their approach to discovery even more interesting. I don't
think an SP can derive a user's IdP from their e-mail address in
general. Suppose, however, the SP obtains a valid e-mail address from
the user directly and then persists a mapping from this e-mail address
to a persistent identifier (ePPN or ePTID) asserted by the IdP. Then
the SP *can* determine the user's IdP from an input e-mail address.
It's kinda like OpenID's approach to discovery, but using e-mail
addresses instead of URLs (which may even be more palatable to users).

Tom
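
The e-mail-to-IdP mapping described in the message above, as an added example that is not part of the original post or of Shibboleth. The class and method names, entity IDs and addresses are hypothetical and constructed; treating the stored IdP as a discovery hint that is re-checked against the assertion after SSO is an assumption of this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    idp_entity_id: str   # entityID of the IdP that issued the assertion
    persistent_id: str   # ePPN or ePTID value the IdP asserted


class EmailDiscoveryStore:
    """SP-side map from a user-supplied e-mail address to the IdP seen at login."""

    def __init__(self):
        self._by_email = {}

    @staticmethod
    def _norm(email):
        # Assumption: addresses are compared case-insensitively.
        email = email.strip().lower()
        local, sep, domain = email.rpartition("@")
        if not (sep and local and domain):
            raise ValueError("not an e-mail address")
        return email

    def bind(self, email, idp_entity_id, persistent_id):
        """Persist the mapping after an SSO in which the IdP asserted persistent_id."""
        key, new = self._norm(email), Binding(idp_entity_id, persistent_id)
        old = self._by_email.get(key)
        if old is not None and old != new:
            # Refuse to silently repoint an address at another IdP or identity.
            raise ValueError("address already bound to a different identity")
        self._by_email[key] = new

    def discover(self, email):
        """Return the IdP entityID for this address, or None to fall back to a WAYF."""
        b = self._by_email.get(self._norm(email))
        return b.idp_entity_id if b else None

    def confirm(self, email, idp_entity_id, persistent_id):
        """After SSO, check that the assertion matches the binding used as the hint."""
        return self._by_email.get(self._norm(email)) == Binding(idp_entity_id, persistent_id)


if __name__ == "__main__":
    store = EmailDiscoveryStore()
    # Constructed sample values.
    store.bind("Alice@Example.org", "https://idp.example.edu/idp", "alice@example.edu")
    print(store.discover("alice@example.org"))   # known address: IdP found
    print(store.discover("bob@example.org"))     # unknown address: no hint
```

An address the SP has never seen yields no hint, which matches the post's point that the IdP cannot be derived from an e-mail address in general.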


